[im1lkng4fun]

Logfile of HijackThis v1.99.1
Scan saved at 12:53:16 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NProtect.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ekfconf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Documents and Settings\goakeson\Start Menu\Programs\Startup\CST.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\goakeson\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?

LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}

&ar=home
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop

Search\dsWebAllow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [ekfdiag] C:\WINDOWS\system32\ekfconf.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: CST.exe
O4 - Startup: HotSync Manager.zip
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet

v series\Bin\hpoant07.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32

\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!

\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!

\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!

\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!

\Messenger\yhexbmes0819.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} -

http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file

missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program

Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://63.236.66.10/...etup1.0.0.5.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) -

http://pacificautism...uter/nshelp.dll
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) -

http://wwss1pro.comp...ect/CSND_AX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1170374164546
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} -

http://imgfarm.com/i...etup1.0.0.3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -

http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -

http://us.dl1.yimg.c.../yse/ymmapi.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -

http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} -

http://pdf.forbes.co...oaderSigned.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -

http://us.dl1.yimg.c...ebio5_1_4_0.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -

http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pacificautism.org
O17 - HKLM\Software\..\Telephony: DomainName = pacificautism.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2346B5-6625-4087-8321-32BD9C0EEAEB}: NameServer =

192.168.1.150,66.80.130.23,66.80.131.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pacificautism.org
O20 - AppInit_DLLs: e1.dll wuapsecu.dll diagekf.dll confbrw.dll statekf.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: ekfconf - C:\WINDOWS\SYSTEM32\cfgekf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec

AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton

SystemWorks\Norton Utilities\NProtect.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe

[Advertisements]

Hi im1lkng4fun

Welcome to GTG!

* Please repost your HijackThis log. This one is too mixed up to read because of Word Wrap. Before you post the next log, open it in notepad and go to Format then remove the check by Word Wrap.

** Before you post that new log, please do the following:

* Post an uninstall list for me using the HijackThis Uninstall Manager:

• Open HijackThis and click on the Open the Misc Tools section button.
• Click on the Open Uninstall Manager button.
• Click the Save List button.
• After you click the "Save List" button, you will be asked where to save the file.
• Pick a place to save it then the list should open in notepad.
• Copy and paste that list in your next reply to this thread.

* Click here to download Combofix.

• Save the comofix.exe file to your desktop.
• Doubleclick on the combofix file to begin the removal.
• At the first prompt press the Y key on your keyboard then press Enter to continue.
• Follow the prompts until the fix is complete
• Do not mouse click combofix's window while it is running. This may cause it to stall.
• When the fix is finished it will produce a log file.
• Come back here to this thread and post the folowing logs:
• Combofix log
• A new Hijack This log
• The Uninstall List

[Flrman1]

Hi im1lkng4fun

Welcome to GTG!

* Please repost your HijackThis log. This one is too mixed up to read because of Word Wrap. Before you post the next log, open it in notepad and go to Format then remove the check by Word Wrap.

** Before you post that new log, please do the following:

* Post an uninstall list for me using the HijackThis Uninstall Manager:

• Open HijackThis and click on the Open the Misc Tools section button.
• Click on the Open Uninstall Manager button.
• Click the Save List button.
• After you click the "Save List" button, you will be asked where to save the file.
• Pick a place to save it then the list should open in notepad.
• Copy and paste that list in your next reply to this thread.

* Click here to download Combofix.

• Save the comofix.exe file to your desktop.
• Doubleclick on the combofix file to begin the removal.
• At the first prompt press the Y key on your keyboard then press Enter to continue.
• Follow the prompts until the fix is complete
• Do not mouse click combofix's window while it is running. This may cause it to stall.
• When the fix is finished it will produce a log file.
• Come back here to this thread and post the folowing logs:
• Combofix log
• A new Hijack This log
• The Uninstall List

[im1lkng4fun]

combofix.....

"goakeson" - 07-02-13 9:47:24 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-07 16:10 <DIR> d-------- C:\Program Files\viewsonic
2007-02-07 16:10 <DIR> d-------- C:\DOCUME~1\goakeson\Application Data\Leadertech
2007-02-05 15:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-02-05 10:15 <DIR> d-------- C:\WINDOWS\hijackthis
2007-02-02 16:08 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-01 09:50 <DIR> d-------- C:\Program Files\RegCure
2007-01-24 01:11 0 --a------ C:\WINDOWS\eba2h6cc.dat
2007-01-22 19:09 16 --a------ C:\WINDOWS\sqhost.dat
2007-01-18 03:15 16 --a------ C:\WINDOWS\shost.dat
2007-01-16 10:40 0 --a------ C:\WINDOWS\ftg71cj1qx.dat
2007-01-16 10:39 16 --a------ C:\WINDOWS\tpup.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 09:47 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 09:39 5493 --a------ C:\WINDOWS\compaq.reg
2007-02-07 16:13 -------- d--h----- C:\Program Files\installshield installation information
2007-02-05 16:01 -------- d-------- C:\Program Files\google
2007-02-01 09:38 -------- d-------- C:\DOCUME~1\goakeson\Application Data\adobeum
2007-01-30 10:45 -------- d-------- C:\DOCUME~1\goakeson\Application Data\wsinspector
2007-01-26 13:51 -------- d-------- C:\Program Files\messenger
2007-01-12 13:14 103936 --a------ C:\WINDOWS\system32\osunuxth.exe
2007-01-11 11:30 -------- d-------- C:\Program Files\imtoo
2007-01-06 15:20 -------- d-------- C:\Program Files\symantec antivirus
2007-01-06 14:23 -------- d-------- C:\Program Files\lavasoft
2007-01-03 10:50 53248 --ah----- C:\WINDOWS\system32\confbrw.dll
2007-01-03 10:50 49152 --ah----- C:\WINDOWS\system32\brwprf32.dll
2007-01-03 10:50 40960 --ah----- C:\WINDOWS\system32\brwperf.exe
2007-01-03 10:50 335872 --ah----- C:\WINDOWS\system32\brwmgr32.dll
2007-01-03 10:50 126976 --ah----- C:\WINDOWS\system32\brwstat.dll
2006-12-29 11:10 32768 --a------ C:\WINDOWS\system32\wuapsecu.dll
2006-12-29 11:10 24576 --a------ C:\WINDOWS\system32\wmpssdpb.dll
2006-12-13 11:03 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-05 23:29 0 --a------ C:\WINDOWS\b60b8d6a.dat
2006-12-05 04:58 90624 --a------ C:\Program Files\Common Files\kbdb32.dll
2006-12-05 04:27 37347 --a------ C:\WINDOWS\i115.exe
2006-12-04 18:32 16 --a------ C:\WINDOWS\srserv.dat
2006-11-30 22:09 16 --a------ C:\WINDOWS\reggserv.dat
2006-11-25 11:37 53248 --ah----- C:\WINDOWS\system32\ekfprf32.dll
2006-11-25 11:37 49152 --ah----- C:\WINDOWS\system32\ekfconf.exe
2006-11-25 11:37 49152 --ah----- C:\WINDOWS\system32\diagekf.dll
2006-11-25 11:37 40960 --ah----- C:\WINDOWS\system32\ekfprov.exe
2006-11-25 11:37 389128 --ah----- C:\WINDOWS\system32\cfgekf.dll
2006-11-25 11:37 180224 --ah----- C:\WINDOWS\system32\statekf.dll
2006-11-22 10:19 16 --a------ C:\WINDOWS\cservv32.dat
2006-11-21 20:10 20480 --a------ C:\WINDOWS\system32\e1.dll
2006-11-21 17:10 0 --a------ C:\WINDOWS\f8or9s.exe
2006-11-20 00:42 33280 --a------ C:\WINDOWS\system32\snmp.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"brwdiag"="C:\\WINDOWS\\system32\\brwconf.exe"
"ekfdiag"="C:\\WINDOWS\\system32\\ekfconf.exe"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"WFXSwtch"="C:\\PROGRA~1\\NORTON~2\\WinFax\\WFXSWTCH.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"Synchronization Manager"="%SystemRoot%\\system32\\mobsync.exe /logon"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"audiag"="C:\\WINDOWS\\system32\\audconf.exe"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"ekfdiag"="C:\\WINDOWS\\system32\\ekfconf.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="e1.dll wuapsecu.dll diagekf.dll confbrw.dll statekf.dll brwstat.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ekfconf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\GregOakeson.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\RECYCLER\NPROTECT
C:\RECYCLER\NPROTECT\05640159. 1724416 bytes
C:\RECYCLER\NPROTECT\05640170. 16384 bytes
C:\RECYCLER\NPROTECT\05640219. 36864 bytes
C:\RECYCLER\NPROTECT\05640226. 851968 bytes
C:\RECYCLER\NPROTECT\05640228. 815104 bytes
C:\RECYCLER\NPROTECT\05640229. 1265664 bytes
C:\RECYCLER\NPROTECT\05640264. 114688 bytes
C:\RECYCLER\NPROTECT\05640342. 45056 bytes
C:\RECYCLER\NPROTECT\05640349. 176128 bytes
C:\RECYCLER\NPROTECT\05640356. 1744896 bytes
C:\RECYCLER\NPROTECT\05640361. 532480 bytes
C:\RECYCLER\NPROTECT\05640382. 1757184 bytes
C:\RECYCLER\NPROTECT\05640388. 323584 bytes
C:\RECYCLER\NPROTECT\05640423. 16384 bytes
C:\RECYCLER\NPROTECT\05640429. 20480 bytes
C:\RECYCLER\NPROTECT\05640461. 69632 bytes
C:\RECYCLER\NPROTECT\05640464. 1736704 bytes
C:\RECYCLER\NPROTECT\05640482. 24576 bytes
C:\RECYCLER\NPROTECT\05640484. 16384 bytes
C:\RECYCLER\NPROTECT\05640493. 20480 bytes
C:\RECYCLER\NPROTECT\05640505. 110592 bytes
C:\RECYCLER\NPROTECT\05640543. 106496 bytes
C:\RECYCLER\NPROTECT\05640558. 98304 bytes
C:\RECYCLER\NPROTECT\05640610. 118784 bytes
C:\RECYCLER\NPROTECT\05640618. 118784 bytes
C:\RECYCLER\NPROTECT\05640619. 118784 bytes
C:\RECYCLER\NPROTECT\05640620. 118784 bytes
C:\RECYCLER\NPROTECT\05640621. 114688 bytes
C:\RECYCLER\NPROTECT\05640622. 114688 bytes
C:\RECYCLER\NPROTECT\05640623. 118784 bytes
C:\RECYCLER\NPROTECT\05640624. 114688 bytes
C:\RECYCLER\NPROTECT\05640664. 20480 bytes
C:\RECYCLER\NPROTECT\05640700. 262144 bytes
C:\RECYCLER\NPROTECT\05640703. 122880 bytes
C:\RECYCLER\NPROTECT\05640705. 122880 bytes
C:\RECYCLER\NPROTECT\05640706. 258048 bytes
C:\RECYCLER\NPROTECT\05640708. 258048 bytes
C:\RECYCLER\NPROTECT\05640710. 258048 bytes
C:\RECYCLER\NPROTECT\05640711. 262144 bytes
C:\RECYCLER\NPROTECT\05640716. 122880 bytes
C:\RECYCLER\NPROTECT\05640717. 262144 bytes
C:\RECYCLER\NPROTECT\05640719. 122880 bytes
C:\RECYCLER\NPROTECT\05640721. 122880 bytes
C:\RECYCLER\NPROTECT\05640722. 262144 bytes
C:\RECYCLER\NPROTECT\05640725. 122880 bytes
C:\RECYCLER\NPROTECT\05640726. 262144 bytes
C:\RECYCLER\NPROTECT\05640730. 262144 bytes
C:\RECYCLER\NPROTECT\05640733. 118784 bytes
C:\RECYCLER\NPROTECT\05640734. 262144 bytes
C:\RECYCLER\NPROTECT\05640737. 258048 bytes
C:\RECYCLER\NPROTECT\05640738. 262144 bytes
C:\RECYCLER\NPROTECT\05640745. 262144 bytes
C:\RECYCLER\NPROTECT\05640748. 118784 bytes
C:\RECYCLER\NPROTECT\05640761. 8192 bytes
C:\RECYCLER\NPROTECT\05640775. 200704 bytes
C:\RECYCLER\NPROTECT\05640779. 118784 bytes
C:\RECYCLER\NPROTECT\05640788. 118784 bytes
C:\RECYCLER\NPROTECT\05640789. 118784 bytes
C:\RECYCLER\NPROTECT\05640790. 155648 bytes
C:\RECYCLER\NPROTECT\05640792. 114688 bytes
C:\RECYCLER\NPROTECT\05640793. 155648 bytes
C:\RECYCLER\NPROTECT\05640794. 114688 bytes
C:\RECYCLER\NPROTECT\05640796. 155648 bytes
C:\RECYCLER\NPROTECT\05640797. 114688 bytes
C:\RECYCLER\NPROTECT\05640798. 155648 bytes
C:\RECYCLER\NPROTECT\05640799. 118784 bytes
C:\RECYCLER\NPROTECT\05640802. 114688 bytes
C:\RECYCLER\NPROTECT\05640804. 114688 bytes
C:\RECYCLER\NPROTECT\05640805. 118784 bytes
C:\RECYCLER\NPROTECT\05640806. 155648 bytes
C:\RECYCLER\NPROTECT\05640811. 118784 bytes
C:\RECYCLER\NPROTECT\05982500.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982501.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982502.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982503.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982504.04lunc 118784 bytes
C:\RECYCLER\NPROTECT\05982505.04lunc 118784 bytes
C:\RECYCLER\NPROTECT\05982506.04lunc 118784 bytes
C:\RECYCLER\NPROTECT\05982507.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982508.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982509.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982510.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982511.04lunc 114688 bytes
C:\RECYCLER\NPROTECT\05982520. 24576 bytes
C:\RECYCLER\NPROTECT\05982563. Gould fo 20480 bytes
C:\RECYCLER\NPROTECT\05982564. 24576 bytes
C:\RECYCLER\NPROTECT\05982571. 20480 bytes
C:\RECYCLER\NPROTECT\05982582. Paul CupU 24576 bytes
C:\RECYCLER\NPROTECT\05982583.Matranga l 20480 bytes
C:\RECYCLER\NPROTECT\05982589. 20480 bytes
C:\RECYCLER\NPROTECT\05982594. 20480 bytes
C:\RECYCLER\NPROTECT\05982640. 24576 bytes
C:\RECYCLER\NPROTECT\26890849 448 bytes
C:\RECYCLER\NPROTECT\26890863.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26890913.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26890918.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26890919.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26890920.edb 65536 bytes
C:\RECYCLER\NPROTECT\26890927.TXT 12288 bytes
C:\RECYCLER\NPROTECT\26890930.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891168.box 376 bytes
C:\RECYCLER\NPROTECT\26891169.exe 159744 bytes
C:\RECYCLER\NPROTECT\26891170.mfl 925696 bytes
C:\RECYCLER\NPROTECT\26891171.HTM 36864 bytes
C:\RECYCLER\NPROTECT\26891174.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891176.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891177.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891178.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891181.box 376 bytes
C:\RECYCLER\NPROTECT\26891182.nub 28672 bytes
C:\RECYCLER\NPROTECT\26891183.ini 432 bytes
C:\RECYCLER\NPROTECT\26891184.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891185.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891187.TXT 32768 bytes
C:\RECYCLER\NPROTECT\26891188.TXT 544 bytes
C:\RECYCLER\NPROTECT\26891192.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891195.DIC 168 bytes
C:\RECYCLER\NPROTECT\26891200.cab 16384 bytes
C:\RECYCLER\NPROTECT\26891208.cab 16384 bytes
C:\RECYCLER\NPROTECT\26891217.dom 4096 bytes
C:\RECYCLER\NPROTECT\26891218.dom 312 bytes
C:\RECYCLER\NPROTECT\26891219.dom 392 bytes
C:\RECYCLER\NPROTECT\26891220.inf 224 bytes
C:\RECYCLER\NPROTECT\26891221.inf 4096 bytes
C:\RECYCLER\NPROTECT\26891222.inf 152 bytes
C:\RECYCLER\NPROTECT\26891245.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891290.box 376 bytes
C:\RECYCLER\NPROTECT\26891291.exe 159744 bytes
C:\RECYCLER\NPROTECT\26891299.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891302 448 bytes
C:\RECYCLER\NPROTECT\26891303.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891305.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891306.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891308.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891309.edb 1056768 bytes
C:\RECYCLER\NPROTECT\26891311.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891313.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891314.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891317.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891319.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891321.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891322.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891323.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26891324.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26891325.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891326.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26891331.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891332 448 bytes
C:\RECYCLER\NPROTECT\26891354.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891401.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891403.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891405.edb 1056768 bytes
C:\RECYCLER\NPROTECT\26891414.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891415.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26891419.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891420 448 bytes
C:\RECYCLER\NPROTECT\26891423.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891424 448 bytes
C:\RECYCLER\NPROTECT\26891427.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891454.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891456.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891457.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891458.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891459.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891460.AVA 20480 bytes
C:\RECYCLER\NPROTECT\26891461.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891502.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891503.box 376 bytes
C:\RECYCLER\NPROTECT\26891504.exe 159744 bytes
C:\RECYCLER\NPROTECT\26891507.mfl 1011712 bytes
C:\RECYCLER\NPROTECT\26891509 448 bytes
C:\RECYCLER\NPROTECT\26891535.AVA 8192 bytes
C:\RECYCLER\NPROTECT\26891578.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891580.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891584.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891585.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26891586 448 bytes
C:\RECYCLER\NPROTECT\26891611.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891615.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891656.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891659.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891660.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891661.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891662.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891663.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891664.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891665.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891666.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891667.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891668.LNK 4096 bytes
C:\RECYCLER\NPROTECT\26891670.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891671.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26891673.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891674 448 bytes
C:\RECYCLER\NPROTECT\26891676.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891700.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891701.AVA 20480 bytes
C:\RECYCLER\NPROTECT\26891702.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891747.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891748 448 bytes
C:\RECYCLER\NPROTECT\26891773.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891774.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891775.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26891776.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26891777.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891817.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891818.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891822 4096 bytes
C:\RECYCLER\NPROTECT\26891823 4096 bytes
C:\RECYCLER\NPROTECT\26891824 4096 bytes
C:\RECYCLER\NPROTECT\26891825 4096 bytes
C:\RECYCLER\NPROTECT\26891826 4096 bytes
C:\RECYCLER\NPROTECT\26891827 4096 bytes
C:\RECYCLER\NPROTECT\26891828 4096 bytes
C:\RECYCLER\NPROTECT\26891829 4096 bytes
C:\RECYCLER\NPROTECT\26891830 4096 bytes
C:\RECYCLER\NPROTECT\26891831 4096 bytes
C:\RECYCLER\NPROTECT\26891832 448 bytes
C:\RECYCLER\NPROTECT\26891834.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891860.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891906.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891912.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26891913.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26891914 448 bytes
C:\RECYCLER\NPROTECT\26891916.edb 65536 bytes
C:\RECYCLER\NPROTECT\26891938.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26891982.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26891986.THE 8192 bytes
C:\RECYCLER\NPROTECT\26891990.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26891991 448 bytes
C:\RECYCLER\NPROTECT\26892022.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26892060.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26892070.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892072.TXT 20480 bytes
C:\RECYCLER\NPROTECT\26892073.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26892075.sol 56 bytes
C:\RECYCLER\NPROTECT\26892076.EX_ 192512 bytes
C:\RECYCLER\NPROTECT\26892078.EXE 389120 bytes
C:\RECYCLER\NPROTECT\26892082.box 376 bytes
C:\RECYCLER\NPROTECT\26892083.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892087.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26892097.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26892100.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26892101.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892103.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26892105.box 376 bytes
C:\RECYCLER\NPROTECT\26892110.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26892153.box 376 bytes
C:\RECYCLER\NPROTECT\26892155.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892158.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892162.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26892163.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892171.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892173.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892174.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26892175.edb 1056768 bytes
C:\RECYCLER\NPROTECT\26892176 448 bytes
C:\RECYCLER\NPROTECT\26892205.AVA 20480 bytes
C:\RECYCLER\NPROTECT\26892243.THE 8192 bytes
C:\RECYCLER\NPROTECT\26892245.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26892251.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892254.exe 614400 bytes
C:\RECYCLER\NPROTECT\26892258.box 376 bytes
C:\RECYCLER\NPROTECT\26892259.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892267.exe 307200 bytes
C:\RECYCLER\NPROTECT\26892268.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892270.FOT 4096 bytes
C:\RECYCLER\NPROTECT\26892271.FOT 4096 bytes
C:\RECYCLER\NPROTECT\26892275.ilg 131072 bytes
C:\RECYCLER\NPROTECT\26892276.inx 139264 bytes
C:\RECYCLER\NPROTECT\26892277.ini 144 bytes
C:\RECYCLER\NPROTECT\26892278.exe 57344 bytes
C:\RECYCLER\NPROTECT\26892279.cab 626688 bytes
C:\RECYCLER\NPROTECT\26892280.hdr 12288 bytes
C:\RECYCLER\NPROTECT\26892281.bin 424 bytes
C:\RECYCLER\NPROTECT\26892295.ICM 512 bytes
C:\RECYCLER\NPROTECT\26892296.inf 53248 bytes
C:\RECYCLER\NPROTECT\26892297.PNF 110592 bytes
C:\RECYCLER\NPROTECT\26892304.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892310.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26892312.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26892314.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892316.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26892318.box 376 bytes
C:\RECYCLER\NPROTECT\26892323.exe 307200 bytes
C:\RECYCLER\NPROTECT\26892324 448 bytes
C:\RECYCLER\NPROTECT\26892326.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892327 448 bytes
C:\RECYCLER\NPROTECT\26892329.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892330 448 bytes
C:\RECYCLER\NPROTECT\26892360.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26892392.box 376 bytes
C:\RECYCLER\NPROTECT\26892400.mfl 1089536 bytes
C:\RECYCLER\NPROTECT\26892406.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26892409.THE 8192 bytes
C:\RECYCLER\NPROTECT\26892410.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892414.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892416.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892418.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892420.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892422.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892424.BMP 245760 bytes
C:\RECYCLER\NPROTECT\26892429.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892430.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892432.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892434.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892435.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892437.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892439.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892441.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892443.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892451.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892453.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892455.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892456.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892458.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892460.TXT 20480 bytes
C:\RECYCLER\NPROTECT\26892461.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26892463.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892465.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892467.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26892468 448 bytes
C:\RECYCLER\NPROTECT\26892499.AVA 8192 bytes
C:\RECYCLER\NPROTECT\26892540.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26892541.box 376 bytes
C:\RECYCLER\NPROTECT\26892542.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892545.mfl 925696 bytes
C:\RECYCLER\NPROTECT\26892549.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892550.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892552.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892554.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892555.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892557.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892560.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26892561.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26892568.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26892572.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26892573 448 bytes
C:\RECYCLER\NPROTECT\26892604.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26892643.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26892646.sol 56 bytes
C:\RECYCLER\NPROTECT\26892649.box 376 bytes
C:\RECYCLER\NPROTECT\26892650.exe 159744 bytes
C:\RECYCLER\NPROTECT\26892653.edb 65536 bytes
C:\RECYCLER\NPROTECT\26892674.TXT 12288 bytes
C:\RECYCLER\NPROTECT\26892675.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26892720.box 376 bytes
C:\RECYCLER\NPROTECT\26892721.nub 28672 bytes
C:\RECYCLER\NPROTECT\26893358.ini 432 bytes
C:\RECYCLER\NPROTECT\26893359.ini 432 bytes
C:\RECYCLER\NPROTECT\26893360.db 320 bytes
C:\RECYCLER\NPROTECT\26893361.ini 432 bytes
C:\RECYCLER\NPROTECT\26893362.box 376 bytes
C:\RECYCLER\NPROTECT\26893363.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893364.ini 432 bytes
C:\RECYCLER\NPROTECT\26893365.HTM 36864 bytes
C:\RECYCLER\NPROTECT\26893367.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26893368.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893371.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893372.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893373.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893374.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893375.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893376.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26893379.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26893380.box 376 bytes
C:\RECYCLER\NPROTECT\26893381.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893382.ini 432 bytes
C:\RECYCLER\NPROTECT\26893384.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893388.MOZ 36864 bytes
C:\RECYCLER\NPROTECT\26893389.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893392.box 376 bytes
C:\RECYCLER\NPROTECT\26893393.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893395.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893397.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893399.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893401.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893403.sol 4096 bytes
C:\RECYCLER\NPROTECT\26893404.TXT 20480 bytes
C:\RECYCLER\NPROTECT\26893411.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893413.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893416.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893418.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893420.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893422.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893424.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26893427.box 376 bytes
C:\RECYCLER\NPROTECT\26893428.nub 28672 bytes
C:\RECYCLER\NPROTECT\26893429.ini 432 bytes
C:\RECYCLER\NPROTECT\26893430.dom 4096 bytes
C:\RECYCLER\NPROTECT\26893431.dom 312 bytes
C:\RECYCLER\NPROTECT\26893432.dom 392 bytes
C:\RECYCLER\NPROTECT\26893433.inf 224 bytes
C:\RECYCLER\NPROTECT\26893434.inf 4096 bytes
C:\RECYCLER\NPROTECT\26893435.inf 152 bytes
C:\RECYCLER\NPROTECT\26893441.cab 16384 bytes
C:\RECYCLER\NPROTECT\26893449.cab 16384 bytes
C:\RECYCLER\NPROTECT\26893479.AVA 28672 bytes
C:\RECYCLER\NPROTECT\26893498.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26893501.edb 1056768 bytes
C:\RECYCLER\NPROTECT\26893502 448 bytes
C:\RECYCLER\NPROTECT\26893503.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893504.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26893510.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893511.box 376 bytes
C:\RECYCLER\NPROTECT\26893512.ini 432 bytes
C:\RECYCLER\NPROTECT\26893516.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893518.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893521.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893532.TXT 16384 bytes
C:\RECYCLER\NPROTECT\26893535.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893537.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893539.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893540.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893544.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893547.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26893551.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893555.MOZ 36864 bytes
C:\RECYCLER\NPROTECT\26893558.MOZ 36864 bytes
C:\RECYCLER\NPROTECT\26893559.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893560.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26893562.box 376 bytes
C:\RECYCLER\NPROTECT\26893564.lo_ 69632 bytes
C:\RECYCLER\NPROTECT\26893566 448 bytes
C:\RECYCLER\NPROTECT\26893585.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26893586.AVA 28672 bytes
C:\RECYCLER\NPROTECT\26893587.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26893588.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26893589.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26893590.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26893591.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26893631.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26893632.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893633.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26893634.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893636.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893637.box 376 bytes
C:\RECYCLER\NPROTECT\26893638.ini 432 bytes
C:\RECYCLER\NPROTECT\26893642.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893644.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893645.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26893649.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893663.MOZ 36864 bytes
C:\RECYCLER\NPROTECT\26893665.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26893667.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893669.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26893670.box 376 bytes
C:\RECYCLER\NPROTECT\26893672 448 bytes
C:\RECYCLER\NPROTECT\26893693.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26893720.GTH 1183744 bytes
C:\RECYCLER\NPROTECT\26893738.log 131072 bytes
C:\RECYCLER\NPROTECT\26893741.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26893744.edb 2113536 bytes
C:\RECYCLER\NPROTECT\26893745.edb 2113536 bytes
C:\RECYCLER\NPROTECT\26893747.edb 2113536 bytes
C:\RECYCLER\NPROTECT\26893785.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893790.dat 32768 bytes
C:\RECYCLER\NPROTECT\26893792.box 376 bytes
C:\RECYCLER\NPROTECT\26893795.ini 432 bytes
C:\RECYCLER\NPROTECT\26893798.mfl 1081344 bytes
C:\RECYCLER\NPROTECT\26893802.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893805.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893809.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893810 448 bytes
C:\RECYCLER\NPROTECT\26893812.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893813 448 bytes
C:\RECYCLER\NPROTECT\26893816.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893841.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26893842.AVA 28672 bytes
C:\RECYCLER\NPROTECT\26893844.AVA 28672 bytes
C:\RECYCLER\NPROTECT\26893887.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26893895.box 376 bytes
C:\RECYCLER\NPROTECT\26893898.exe 159744 bytes
C:\RECYCLER\NPROTECT\26893899.ini 432 bytes
C:\RECYCLER\NPROTECT\26893904.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893906.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893907.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893908.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893910.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893912.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893914.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893916.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893918.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893920.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893921.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893923.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893926.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26893927 448 bytes
C:\RECYCLER\NPROTECT\26893929.edb 65536 bytes
C:\RECYCLER\NPROTECT\26893930 448 bytes
C:\RECYCLER\NPROTECT\26893957.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26893996.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894003.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894004 448 bytes
C:\RECYCLER\NPROTECT\26894030.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26894074.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894078.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894080.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26894081.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26894082 448 bytes
C:\RECYCLER\NPROTECT\26894084.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894111.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26894113 448 bytes
C:\RECYCLER\NPROTECT\26894178.box 376 bytes
C:\RECYCLER\NPROTECT\26894180.ini 432 bytes
C:\RECYCLER\NPROTECT\26894183.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894187.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894190.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894192.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894194.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894197.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894203.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894209.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894212.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894213.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894215.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26894217.box 376 bytes
C:\RECYCLER\NPROTECT\26894218 448 bytes
C:\RECYCLER\NPROTECT\26894220.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894254.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26894255 448 bytes
C:\RECYCLER\NPROTECT\26894258.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894326.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894329.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26894344.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26894345 448 bytes
C:\RECYCLER\NPROTECT\26894347.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894376.AVA 20480 bytes
C:\RECYCLER\NPROTECT\26894417.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894427.box 376 bytes
C:\RECYCLER\NPROTECT\26894429.ini 432 bytes
C:\RECYCLER\NPROTECT\26894434.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894436.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894437.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894442.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894446 448 bytes
C:\RECYCLER\NPROTECT\26894468.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26894512.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894516.box 376 bytes
C:\RECYCLER\NPROTECT\26894518.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894519.ini 432 bytes
C:\RECYCLER\NPROTECT\26894530.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26894531.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26894537.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894538.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894540.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894541.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894547.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894549.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894551.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894552.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894554.MOZ 20480 bytes
C:\RECYCLER\NPROTECT\26894556.box 376 bytes
C:\RECYCLER\NPROTECT\26894557 448 bytes
C:\RECYCLER\NPROTECT\26894579.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894583.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26894628.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894635.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26894636.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26894637.dom 4096 bytes
C:\RECYCLER\NPROTECT\26894638.dom 312 bytes
C:\RECYCLER\NPROTECT\26894639.dom 392 bytes
C:\RECYCLER\NPROTECT\26894640.inf 224 bytes
C:\RECYCLER\NPROTECT\26894641.inf 4096 bytes
C:\RECYCLER\NPROTECT\26894642.inf 152 bytes
C:\RECYCLER\NPROTECT\26894644 448 bytes
C:\RECYCLER\NPROTECT\26894645.CAB 3334144 bytes
C:\RECYCLER\NPROTECT\26894646.CAB 233472 bytes
C:\RECYCLER\NPROTECT\26894651.cab 16384 bytes
C:\RECYCLER\NPROTECT\26894670.cab 16384 bytes
C:\RECYCLER\NPROTECT\26894686.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26894687.AVA 28672 bytes
C:\RECYCLER\NPROTECT\26894688.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26894689.AVA 12288 bytes
C:\RECYCLER\NPROTECT\26894690.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26894691.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26894692.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26894711.box 376 bytes
C:\RECYCLER\NPROTECT\26894720.ini 432 bytes
C:\RECYCLER\NPROTECT\26894744.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894747.HTM 36864 bytes
C:\RECYCLER\NPROTECT\26894751.TXT 4096 bytes
C:\RECYCLER\NPROTECT\26894752.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26894753.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894755.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894756.edb 1056768 bytes
C:\RECYCLER\NPROTECT\26894757.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894765.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894767.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894769.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894770.MOZ 114688 bytes
C:\RECYCLER\NPROTECT\26894772.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894774.box 376 bytes
C:\RECYCLER\NPROTECT\26894775.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894776.ini 432 bytes
C:\RECYCLER\NPROTECT\26894780.mfl 925696 bytes
C:\RECYCLER\NPROTECT\26894783.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894786.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894790.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894791.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894793.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894795.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894797.MOZ 40960 bytes
C:\RECYCLER\NPROTECT\26894798 448 bytes
C:\RECYCLER\NPROTECT\26894822.AVA 4096 bytes
C:\RECYCLER\NPROTECT\26894823.AVA 20480 bytes
C:\RECYCLER\NPROTECT\26894824.AVA 16384 bytes
C:\RECYCLER\NPROTECT\26894843.box 376 bytes
C:\RECYCLER\NPROTECT\26894845.ini 432 bytes
C:\RECYCLER\NPROTECT\26894848.exe 159744 bytes
C:\RECYCLER\NPROTECT\26894850.EVM 4096 bytes
C:\RECYCLER\NPROTECT\26894852.mfl 1003520 bytes
C:\RECYCLER\NPROTECT\26894856.MOZ 118784 bytes
C:\RECYCLER\NPROTECT\26894859.edb 65536 bytes
C:\RECYCLER\NPROTECT\26894861.dat 32768 bytes
C:\RECYCLER\NPROTECT\26894879 88 bytes
C:\RECYCLER\NPROTECT\26894882 216 bytes
C:\RECYCLER\NPROTECT\26894921.SYS 8192 bytes
C:\RECYCLER\NPROTECT\26894923.TXT 8192 bytes
C:\RECYCLER\NPROTECT\26894924.TXT 36864 bytes
C:\RECYCLER\NPROTECT\26894936 696 bytes
C:\RECYCLER\NPROTECT\26894937.txt 4096 bytes
C:\RECYCLER\NPROTECT\26894958.txt 4096 bytes
C:\RECYCLER\NPROTECT\26894959.txt 8192 bytes
C:\RECYCLER\NPROTECT\26894960.txt 4096 bytes
C:\RECYCLER\NPROTECT\26894961.txt 4096 bytes
C:\RECYCLER\NPROTECT\26894962.txt 57344 bytes
C:\RECYCLER\NPROTECT\26894963.txt 8192 bytes
C:\RECYCLER\NPROTECT\26894965 16 bytes
C:\RECYCLER\NPROTECT\26894967.txt 104 bytes
C:\RECYCLER\NPROTECT\26894969.txt 104 bytes
C:\RECYCLER\NPROTECT\26894971.txt 104 bytes
C:\RECYCLER\NPROTECT\26894974.bat 4096 bytes
C:\RECYCLER\NPROTECT\26894989 4096 bytes
C:\RECYCLER\NPROTECT\26894991.txt 384 bytes
C:\RECYCLER\NPROTECT\26894992.txt 88 bytes
C:\RECYCLER\NPROTECT\26894993.txt 88 bytes
C:\RECYCLER\NPROTECT\26894994.txt 96 bytes
C:\RECYCLER\NPROTECT\26894995.txt 4096 bytes
C:\RECYCLER\NPROTECT\26894996.txt 88 bytes
C:\RECYCLER\NPROTECT\26894997.txt 88 bytes
C:\RECYCLER\NPROTECT\26894998.txt 96 bytes
C:\RECYCLER\NPROTECT\26894999.txt 88 bytes
C:\RECYCLER\NPROTECT\26895000.txt 88 bytes
C:\RECYCLER\NPROTECT\26895001.txt 96 bytes
C:\RECYCLER\NPROTECT\26895002.txt 96 bytes
C:\RECYCLER\NPROTECT\26895003.txt 88 bytes
C:\RECYCLER\NPROTECT\26895004.txt 96 bytes
C:\RECYCLER\NPROTECT\26895005.txt 96 bytes
C:\RECYCLER\NPROTECT\26895006.txt 432 bytes
C:\RECYCLER\NPROTECT\26895007.txt 4096 bytes
C:\RECYCLER\NPROTECT\26895008.txt 88 bytes
C:\RECYCLER\NPROTECT\26895009.txt 96 bytes
C:\RECYCLER\NPROTECT\26895010.txt 104 bytes
C:\RECYCLER\NPROTECT\26895011.txt 96 bytes
C:\RECYCLER\NPROTECT\26895012.txt 96 bytes
C:\RECYCLER\NPROTECT\26895013.txt 96 bytes
C:\RECYCLER\NPROTECT\26895014.txt 96 bytes
C:\RECYCLER\NPROTECT\26895015.txt 96 bytes
C:\RECYCLER\NPROTECT\26895016.txt 88 bytes
C:\RECYCLER\NPROTECT\26895017.txt 88 bytes
C:\RECYCLER\NPROTECT\26895018.txt 96 bytes
C:\RECYCLER\NPROTECT\26895019.txt 248 bytes
C:\RECYCLER\NPROTECT\26895020.txt 96 bytes
C:\RECYCLER\NPROTECT\26895021.txt 200 bytes
C:\RECYCLER\NPROTECT\26895022.txt 144 bytes
C:\RECYCLER\NPROTECT\26895023.txt 440 bytes
C:\RECYCLER\NPROTECT\26895024.txt 216 bytes
C:\RECYCLER\NPROTECT\26895025.txt 168 bytes
C:\RECYCLER\NPROTECT\26895026.txt 160 bytes
C:\RECYCLER\NPROTECT\26895027.txt 168 bytes
C:\RECYCLER\NPROTECT\26895028.txt 160 bytes
C:\RECYCLER\NPROTECT\26895029.txt 264 bytes
C:\RECYCLER\NPROTECT\26895030.txt 88 bytes
C:\RECYCLER\NPROTECT\26895031.txt 96 bytes
C:\RECYCLER\NPROTECT\26895032.txt 88 bytes
C:\RECYCLER\NPROTECT\26895033.txt 96 bytes
C:\RECYCLER\NPROTECT\26895034.txt 88 bytes
C:\RECYCLER\NPROTECT\26895035.txt 96 bytes
C:\RECYCLER\NPROTECT\26895036.txt 88 bytes
C:\RECYCLER\NPROTECT\26895037.txt 248 bytes
C:\RECYCLER\NPROTECT\26895038.txt 240 bytes
C:\RECYCLER\NPROTECT\26895039.txt 224 bytes
C:\RECYCLER\NPROTECT\26895040.txt 176 bytes
C:\RECYCLER\NPROTECT\26895041.txt 224 bytes
C:\RECYCLER\NPROTECT\26895042.txt 176 bytes
C:\RECYCLER\NPROTECT\26895043.txt 224 bytes
C:\RECYCLER\NPROTECT\26895044.txt 176 bytes
C:\RECYCLER\NPROTECT\26895045.txt 8192 bytes
C:\RECYCLER\NPROTECT\26895046 464 bytes
C:\RECYCLER\NPROTECT\26895047.log 232 bytes
C:\RECYCLER\NPROTECT\NPROTECT.LOG 647168 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 693

********************************************************************

Completion time: 07-02-13 9:53:34


here is hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 09:56, on 07-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NProtect.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Documents and Settings\goakeson\Start Menu\Programs\Startup\CST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\goakeson\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [ekfdiag] C:\WINDOWS\system32\ekfconf.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: CST.exe
O4 - Startup: HotSync Manager.zip
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

[im1lkng4fun]

here is hijackthis again. don't think it copied it all........

Logfile of HijackThis v1.99.1
Scan saved at 09:56, on 07-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NProtect.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Documents and Settings\goakeson\Start Menu\Programs\Startup\CST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\goakeson\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [ekfdiag] C:\WINDOWS\system32\ekfconf.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: CST.exe
O4 - Startup: HotSync Manager.zip
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://63.236.66.10/...etup1.0.0.5.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://pacificautism...uter/nshelp.dll
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://wwss1pro.comp...ect/CSND_AX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170374164546
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/i...etup1.0.0.3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../yse/ymmapi.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_4_0.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pacificautism.org
O17 - HKLM\Software\..\Telephony: DomainName = pacificautism.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2346B5-6625-4087-8321-32BD9C0EEAEB}: NameServer = 192.168.1.150,66.80.130.23,66.80.131.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pacificautism.org
O20 - AppInit_DLLs: e1.dll wuapsecu.dll diagekf.dll confbrw.dll statekf.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: ekfconf - C:\WINDOWS\SYSTEM32\cfgekf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NProtect.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[im1lkng4fun]

here is the uninstall log you requestedAcoustica MP3 Audio Mixer
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.9
Adobe Shockwave Player
ArcSoft PhotoImpression
Boomerang Stationery
ClickStream Survey
CLIE SCSI Driver
Compaq Advisor
Dark River Stationery
Data Export
Depreciation Works
DESI Labeling System
DFX for Windows Media Player
DLA
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
Easy Access Button Support
Fax Machine 4.22
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp officejet v series
Image Converter 1.1
Inactive HP Printer Drivers (Remove only)
Intel® 845G Chipset Graphics Driver Software
Intellisync Lite
InterActual Player
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Professional Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Mozilla Firefox (1.5.0.9)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
My DSC
Nero Media Player
Nero OEM
NeroVision Express 2
Netscape 6 (6.2.1)
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton SystemWorks 2002
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
Palm Desktop
Panda ActiveScan
Picasa 2
powerOne Personal v2.1.1 for Handhelds
QuickBooks Online Backup (remove only)
QuickBooks Pro Edition 2004
RecordNow
RecordNow Update Manager
RegCure 1.0.0.43
Remove Boly Media Digital Camera
S3Display
S3Gamma2
S3Info2
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Serif DrawPlus 5.0
Serif DrawPlus 5.0 Design CD-ROM
Serif DrawPlus 6.0
Serif DrawPlus 7.0
Serif DrawPlus 7.0 Design CD
Shockwave
SimpleTech USB FlashLink
Symantec AntiVirus
Twill Stationery
Uninstall Startup Inspector for Windows
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
viaWARP
ViewSonic Monitor Drivers
Wallpaper Stationery
Windows Defender Signatures
Windows Desktop Search
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series TweakMP PowerToy
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
Yahoo! Essentials
Yahoo! Internet Mail
Yahoo! Login
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

...

[Flrman1]

* Go to Add/Remove programs and uninstall the following:

ClickStream Survey <------>Not sure about this one. Do you know what it is?
Java 2 Runtime Environment, SE v1.4.2_03


* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe

O4 - HKLM\..\Run: [ekfdiag] C:\WINDOWS\system32\ekfconf.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - Startup: CST.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://63.236.66.10/...etup1.0.0.5.cab

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab

O20 - AppInit_DLLs: e1.dll wuapsecu.dll diagekf.dll confbrw.dll statekf.dll brwstat.dll

O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll

O20 - Winlogon Notify: ekfconf - C:\WINDOWS\SYSTEM32\cfgekf.dll


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

• Put a tick by Standard File Kill.
• In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:
  
  C:\WINDOWS\system32\brwconf.exe
  
  C:\WINDOWS\system32\ekfconf.exe
  
  C:\Program Files\Ebates_MoeMoneyMaker
  
  C:\WINDOWS\SYSTEM32\e1.dll
  
  C:\WINDOWS\SYSTEM32\wuapsecu.dll
  
  C:\WINDOWS\SYSTEM32\diagekf.dll
  
  C:\WINDOWS\SYSTEM32\confbrw.dll
  
  C:\WINDOWS\SYSTEM32\statekf.dll
  
  C:\WINDOWS\SYSTEM32\brwstat.dll
  
  C:\WINDOWS\SYSTEM32\brwmgr32.dll
  
  C:\WINDOWS\SYSTEM32\cfgekf.dll
  
  
• Click on the button that has the red circle with the X in the middle after you enter each file.
• It will ask for confimation to delete the file.
• Click Yes.
• Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
• Killbox may tell you that one or more files do not exist.
• If that happens, just continue on with all the files. Be sure you don't miss any.
• Exit the Killbox.

* Run ATF Cleaner:

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.
• If you use Firefox:
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera:
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

[*]Click Exit on the Main menu to close the program.
[/list]
* Restart back into Windows normally now.


* Go here and do the BitDefender online virus scan.

• Click "I Agree" to agree to the EULA.
• Allow the ActiveX control to install when prompted.
• Click "Click here to scan" to begin the scan.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on "Click here to export the scan results"
• Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

[im1lkng4fun]

Hi there,

I really appreciate all the assisitance. I will of course be doing these items tommorrow on my work computer. I wanted to advise you of what the click stream appliction is. I am part of a panel for a microsoft user study and the clickstream appliction records my computer usage and send it to Microsoft. I will be getting a bramd new version of the new microsoft office release compliments of Microsoft and also entererd in a drawing for a chance to win some cash. So I hope you don't mind that I don't delete anything related to clickstream on my computer. I'll be posting again tommorrow evertythng as requested. Good night and thanks again ; )

[Flrman1]

So I hope you don't mind that I don't delete anything related to clickstream on my computer.

Not at all. I wasn't sure what it was. I knew I had heard of it and I was thinking it was a baddie. That is why I asked you about it first before giving a difinitive recommendation. I remember now that I read about it in one of the hundreds of emails I get from Microsoft!

[im1lkng4fun]

ok, so i has been tw o days since my last post..... that is because the simple task you asked me to carry out and then post the log files for did not go as smoothly as I had hoped. I've been trying for two days at work to run theBit Defender virus scan but never get to the end of it without my system counting down for 60 seconds an shutting down. This seems to be occurring more often and the time between the shut downs doewnt allow for me to do awhole lot. Anyway, I'm going to go get my notes and I will post again shortly describing some of the difficulties or unexpected actions I encountered while doing what you had asked from your last post. be back shortly....

[Flrman1]

I'll be here on and off all weekend.