Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

ISSUES: windows security alert pop up, home page changed to softwarere

Started by Jessikuh , Jun 09 2008 02:58 PM

This topic is locked

#1
Jessikuh

Posted 09 June 2008 - 02:58 PM

Member

Member
52 posts

first off thank you for taking the time to look at (and hopefully help with) my malware problem.
The computer was infected while my boyfriend was using it and he doesnt remember seeing anything out of the ordinary.

THE PROBLEMS:

softwarerefferal.com is now my home page

fake windows security alert pop up

VIRUS ALERT! next to clock and where ever system time is shown
(like error logs and stuff)

start menu missing my programs, help and support, control panel, documents, search, run, and my computer

task manager is gray when i right click the task bar and pressing ctrl alt del opens a box saying "task manager has been disabled by sytem administrator" (but i am the administrator)

when computer ran disk check it was verifying files it showed
three things that were cross linked on allocation unit
my infected hard drive is not connected cant read my notes but they are all in local settings temporary internet files
the first ends in 4T3GTL1R\HH WRAPPER [1].HTM on allocation unit 2298
the second ends in BEHAVIORS.CSS on allocation unit 74917
the third ends in ~DFD61E.TMP on allocationm unit 3706

problems seemed to get worse each time i turned it on so i tried fixing it myself i deleted active x controls i also used Asquared to change a few auto runs and My boyfriend tried to fix it a little before that then we switched out the hard drive and last night i put the other one back on now an error pops up saying NO DISK but if i move it out of the way im able to work on other things but the desktop and taskbar will be gone until i click the x box then i have desktop and task bar for 10 or 15 sec before next pop up. last night i was able to get the HJT LOG saved to my yahoo notebook.

here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:37: VIRUS ALERT!, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\system
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/br...H...RR&d=homerr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/br...H...RR&d=homerr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/br...H...RR&d=homerr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Road Runner High Speed Online
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (filesize 2403392 bytes, MD5 6319F2D4708DBCAE37CFA03DA10782C0)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\MYDOWN~1\Companion\Installs\cpn\yt.dll (filesize 817936 bytes, MD5 5A9E77C71D6D7030BC170DD7CF04CF5D)
O3 - Toolbar: (no name) - {EC2B736E-2B50-4709-A63E-F69855335854} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (filesize 53248 bytes, MD5 91C0436BD6CB73370895EF33C1C9CB47)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (filesize 83360 bytes, MD5 5BC65464354A9FD3BEAA28E18839734A)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (filesize 509328 bytes, MD5 CA1E733B9B003530C38390EDF7E05B61)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (filesize 509328 bytes, MD5 CA1E733B9B003530C38390EDF7E05B61)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (filesize 1498112 bytes, MD5 62137AD7EBB6C3AE9C23D2700FA3ABAC)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 557568 bytes, MD5 CEBED017C4965FC4407CCD986AE0A528)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 557568 bytes, MD5 CEBED017C4965FC4407CCD986AE0A528)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9c40c2bfe...ad/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - http://zone.msn.com/...rp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC664F3C-1181-421E-AED6-268E3B3D15BF}: Domain = extremities.com
O21 - SSODL: vltdfabw - {A432D9EC-4A92-4F88-B77C-3B5BB07B9A79} - C:\WINDOWS\vltdfabw.dll (filesize 348160 bytes, MD5 CF0398A73130D64EF84A42CF20167A2B)
O21 - SSODL: vregfwlx - {3B5D658A-965D-40E9-8F97-0CD0BD244449} - C:\WINDOWS\vregfwlx.dll (filesize 258048 bytes, MD5 32A32250488132AFC6E39C0B7A69EB5F)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exeC:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exeC:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exeC:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exec:\windows\system32\mssrv32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeC:\WINDOWS\wanmpsvc.exe

--
End of file - 9553 bytes

#2
RatHat

Posted 09 June 2008 - 09:37 PM

Ex Malware Expert

Expert
7,829 posts

Hi there,

OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Next, I would like to make sure that you can view hidden files and folders;

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading SELECT Show hidden files and folders.
UNCHECK the Hide protected operating system files (recommended) option.
UNCHECK the Hide extensions for known file types option.
Click Yes to confirm.
Click OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O3 - Toolbar: (no name) - {EC2B736E-2B50-4709-A63E-F69855335854} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: vltdfabw - {A432D9EC-4A92-4F88-B77C-3B5BB07B9A79} - C:\WINDOWS\vltdfabw.dll (filesize 348160 bytes, MD5 CF0398A73130D64EF84A42CF20167A2B)
O21 - SSODL: vregfwlx - {3B5D658A-965D-40E9-8F97-0CD0BD244449} - C:\WINDOWS\vregfwlx.dll (filesize 258048 bytes, MD5 32A32250488132AFC6E39C0B7A69EB5F)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read this Combofix tutorial before continuing, then follow the instructions below.

Please ensure you read this guide carefully and install the Recovery Console first.

Next, download ComboFix from Here or Here to your Desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

(Note: Combofix will also save the report to C:\Combofix.txt)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display the results if your system has been infected.
- Now click on the Save Report As Text button:
Under Save as type, choose Text file (*.txt)
Save the file to your desktop as Kaspersky.txt
Copy and paste that information in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So in your next reply, please include the following logs:

The contents of the SDFix report
The contents of the Combofix log
The contents of Kaspersky.txt
A fresh HijackThis log

Note that you will probably need to split the logs into 3 or 4 posts to ensure they are complete.

Regards,
RatHat

#3
Jessikuh

Posted 10 June 2008 - 03:35 PM

Member

Topic Starter
Member
52 posts

Thank you and sorry about the word wrap I will print this out and switch the hard drives right now.

again thank you so much

#4
Jessikuh

Posted 11 June 2008 - 01:39 AM

Member

Topic Starter
Member
52 posts

I could not access control panel to view hidden files and folders but i continued to the next step.
I had HJT fix the entries you told me to.

I was able to download the SDFix but it would not run
so I went to the next step.

I was able to download and run the combofix.

I could not run the kaspersky online scan because the accept button was not clickable.

i was able to change the settings to view hidden files and folders and did another HJT scan.

The combofix and hjt log will be posted next

Edited by just change the hard drive, 11 June 2008 - 01:47 AM.

#5
Jessikuh

Posted 11 June 2008 - 01:50 AM

Member

Topic Starter
Member
52 posts

ComboFix 08-06-10.1 - Jaycia 2008-06-10 22:05:44.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.662 [GMT -7:00]
Running from: C:\Documents and Settings\Jaycia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jaycia\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\Jaycia\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Jaycia\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Jaycia\Desktop\Error Cleaner.url
C:\Documents and Settings\Jaycia\Desktop\Privacy Protector.url
C:\Documents and Settings\Jaycia\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Jaycia\err.log
C:\Documents and Settings\Jaycia\Favorites\Error Cleaner.url
C:\Documents and Settings\Jaycia\Favorites\Privacy Protector.url
C:\Documents and Settings\Jaycia\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Jaycia\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Jaycia\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Jaycia\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\Starware
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SitePager\SitePagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SitePager\SitePagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\AlertArchive.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\Program Files\asks~1
C:\Program Files\autorun.inf
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\inetget2
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\Activate.dat
C:\Program Files\winantispyware 2007\appupdate.dat
C:\Program Files\winantispyware 2007\AsAgents.xml
C:\Program Files\winantispyware 2007\atl71.dll
C:\Program Files\winantispyware 2007\AutoProcess.dat
C:\Program Files\winantispyware 2007\bnlink.dat
C:\Program Files\winantispyware 2007\database\enemies.dat
C:\Program Files\winantispyware 2007\database\knownfiles.dat
C:\Program Files\winantispyware 2007\database\TEBase.dat
C:\Program Files\winantispyware 2007\database\vbpv.dat
C:\Program Files\winantispyware 2007\dbupdate.dat
C:\Program Files\winantispyware 2007\diagnosis.dat
C:\Program Files\winantispyware 2007\fopnl.dll
C:\Program Files\winantispyware 2007\InstHelp.exe
C:\Program Files\winantispyware 2007\InstUp.exe
C:\Program Files\winantispyware 2007\lapv.dat
C:\Program Files\winantispyware 2007\license.rtf
C:\Program Files\winantispyware 2007\manual.pdf
C:\Program Files\winantispyware 2007\manual.url
C:\Program Files\winantispyware 2007\mfc71.dll
C:\Program Files\winantispyware 2007\monstate.dat
C:\Program Files\winantispyware 2007\msvcp71.dll
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\11d2408d521a455f6619ad8f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\11d2408d521a455f6619ad8f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\11d2408d521a455f6619ad8f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\3220b5d630ce45e8d777daa7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\3220b5d630ce45e8d777daa7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\3220b5d630ce45e8d777daa7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\8049c007948f463b0c2b8d8e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\8049c007948f463b0c2b8d8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\8049c007948f463b0c2b8d8e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\d2dd8edab00c49dd3da87193\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\d2dd8edab00c49dd3da87193\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\048707a5656d4da2a7f89484\d2dd8edab00c49dd3da87193\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\06f834ebf9244bc743808d80\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\06f834ebf9244bc743808d80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\06f834ebf9244bc743808d80\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\06f834ebf9244bc743808d80\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\07946a58b7f04d582dcb129b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\07946a58b7f04d582dcb129b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\07946a58b7f04d582dcb129b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\07946a58b7f04d582dcb129b\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\081c1e6f60194c3923020686\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\081c1e6f60194c3923020686\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\081c1e6f60194c3923020686\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0893c7d54f2f4f022d8bbfa7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0893c7d54f2f4f022d8bbfa7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0893c7d54f2f4f022d8bbfa7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0d6d75019d644b416358839d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0d6d75019d644b416358839d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0d6d75019d644b416358839d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\0d6d75019d644b416358839d\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1778026dee34437dc97b97b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1778026dee34437dc97b97b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1778026dee34437dc97b97b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\182d3de13b4e4b0de396e29d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\182d3de13b4e4b0de396e29d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\182d3de13b4e4b0de396e29d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\18e09b5a3b844f9e5cb17ab8\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\18e09b5a3b844f9e5cb17ab8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\18e09b5a3b844f9e5cb17ab8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ba702dd2bc64eda570eb0ab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ba702dd2bc64eda570eb0ab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ba702dd2bc64eda570eb0ab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ec40509ebc842450ac55988\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ec40509ebc842450ac55988\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\1ec40509ebc842450ac55988\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\23e33a49d4f448cb36eae9a1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\23e33a49d4f448cb36eae9a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\23e33a49d4f448cb36eae9a1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\252b55de63664581ea97cf87\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\252b55de63664581ea97cf87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\252b55de63664581ea97cf87\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\257da364c0434a474cf29ba3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\257da364c0434a474cf29ba3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\257da364c0434a474cf29ba3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\30401d3cde0442b3fe3668b5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\30401d3cde0442b3fe3668b5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\30401d3cde0442b3fe3668b5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\317d853c6ff6427bac5d2985\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\317d853c6ff6427bac5d2985\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\317d853c6ff6427bac5d2985\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\32758882772d4f8320c6a690\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\32758882772d4f8320c6a690\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\32758882772d4f8320c6a690\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3641cd0f30554b21912cc5b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3641cd0f30554b21912cc5b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3641cd0f30554b21912cc5b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3641cd0f30554b21912cc5b9\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3eef450891e148582236df89\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3eef450891e148582236df89\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\3eef450891e148582236df89\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\42bc2b0a434b431463bf1c8c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\42bc2b0a434b431463bf1c8c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\42bc2b0a434b431463bf1c8c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\42bc2b0a434b431463bf1c8c\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\47deea64135c4df93959a4bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\47deea64135c4df93959a4bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\47deea64135c4df93959a4bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\4fa0c34cd0374e33e00502a9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\4fa0c34cd0374e33e00502a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\4fa0c34cd0374e33e00502a9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\519feaf5bffa49c0705beaa0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\519feaf5bffa49c0705beaa0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\519feaf5bffa49c0705beaa0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\57ee89ce5e17478ed29295bc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\57ee89ce5e17478ed29295bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\57ee89ce5e17478ed29295bc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\57ee89ce5e17478ed29295bc\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\5e28b1fcd16d4e7780346db9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\5e28b1fcd16d4e7780346db9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\5e28b1fcd16d4e7780346db9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\624bb0af2d9d4c570b9ed4ac\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\624bb0af2d9d4c570b9ed4ac\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\624bb0af2d9d4c570b9ed4ac\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\63e28ad5c6124dff8726a1b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\63e28ad5c6124dff8726a1b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\63e28ad5c6124dff8726a1b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\63e28ad5c6124dff8726a1b6\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6b365d329cd74e4ffd7596b8\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6b365d329cd74e4ffd7596b8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6b365d329cd74e4ffd7596b8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6b365d329cd74e4ffd7596b8\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6be2568f4fd545876329879f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6be2568f4fd545876329879f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6be2568f4fd545876329879f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\6be2568f4fd545876329879f\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\72d2a78aaccc478dffca3d9a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\72d2a78aaccc478dffca3d9a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\72d2a78aaccc478dffca3d9a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\767f0af6760d48e5e6e50c8e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\767f0af6760d48e5e6e50c8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\767f0af6760d48e5e6e50c8e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\780d3c9dd48c4abeb8f2da8d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\780d3c9dd48c4abeb8f2da8d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\780d3c9dd48c4abeb8f2da8d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\780d3c9dd48c4abeb8f2da8d\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7832bc25ac3e4430707baca1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7832bc25ac3e4430707baca1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7832bc25ac3e4430707baca1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7c1742f9eb6a43e28ed3fb83\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7c1742f9eb6a43e28ed3fb83\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7c1742f9eb6a43e28ed3fb83\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7c1742f9eb6a43e28ed3fb83\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7de117cb342340534b11f9b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7de117cb342340534b11f9b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7de117cb342340534b11f9b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7de117cb342340534b11f9b9\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7ec14489d77b440c78d42d95\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7ec14489d77b440c78d42d95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7ec14489d77b440c78d42d95\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7ec14489d77b440c78d42d95\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7eed64a0703c457f6f7dffa3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7eed64a0703c457f6f7dffa3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\7eed64a0703c457f6f7dffa3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\82af8e0c2f314f4e82029182\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\82af8e0c2f314f4e82029182\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\82af8e0c2f314f4e82029182\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\82af8e0c2f314f4e82029182\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8ddca8bbd75d4f21455533bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8ddca8bbd75d4f21455533bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8ddca8bbd75d4f21455533bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8f56ee2b899745a8a4f8898e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8f56ee2b899745a8a4f8898e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8f56ee2b899745a8a4f8898e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\8f56ee2b899745a8a4f8898e\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\91309d4abcf74bc8f0a97b9e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\91309d4abcf74bc8f0a97b9e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\91309d4abcf74bc8f0a97b9e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\92089de51fb74e978bc58cb1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\92089de51fb74e978bc58cb1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\92089de51fb74e978bc58cb1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\937b73d2ebb8402ee52b4cb3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\937b73d2ebb8402ee52b4cb3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\937b73d2ebb8402ee52b4cb3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\952a283302e344f122be9396\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\952a283302e344f122be9396\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\952a283302e344f122be9396\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\971faba5a60a4cb2cef28ba2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\971faba5a60a4cb2cef28ba2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\971faba5a60a4cb2cef28ba2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\971faba5a60a4cb2cef28ba2\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\98a7c9f157cb4041725bda8c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\98a7c9f157cb4041725bda8c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\98a7c9f157cb4041725bda8c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\98a7c9f157cb4041725bda8c\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9a0ac66fad444d571e45c782\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9a0ac66fad444d571e45c782\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9a0ac66fad444d571e45c782\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9f1c9f5c9b4c44f40f6bb3a2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9f1c9f5c9b4c44f40f6bb3a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9f1c9f5c9b4c44f40f6bb3a2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\9f1c9f5c9b4c44f40f6bb3a2\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\a4194fb367c041f0c9b4e89f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\a4194fb367c041f0c9b4e89f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\a4194fb367c041f0c9b4e89f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\a4194fb367c041f0c9b4e89f\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ae39d15560eb4f1aea9321bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ae39d15560eb4f1aea9321bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ae39d15560eb4f1aea9321bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b0de55c4cb7548c857a6cc83\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b0de55c4cb7548c857a6cc83\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b0de55c4cb7548c857a6cc83\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b58a44e2b7af444627f3e8b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b58a44e2b7af444627f3e8b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\b58a44e2b7af444627f3e8b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\bc08819a81ff4063ed4834af\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\bc08819a81ff4063ed4834af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\bc08819a81ff4063ed4834af\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\bc08819a81ff4063ed4834af\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc5cf6e125644e5e347579a5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc5cf6e125644e5e347579a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc5cf6e125644e5e347579a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc7273f448f5443a2d541082\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc7273f448f5443a2d541082\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc7273f448f5443a2d541082\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\cc7273f448f5443a2d541082\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d33599534021471646633d84\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d33599534021471646633d84\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d33599534021471646633d84\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d5402d2936ce40bef0ee17bc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d5402d2936ce40bef0ee17bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d5402d2936ce40bef0ee17bc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d5402d2936ce40bef0ee17bc\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d68195570aba40efc2d475a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d68195570aba40efc2d475a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\d68195570aba40efc2d475a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e08b137e155642b1ee7cfd98\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e08b137e155642b1ee7cfd98\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e08b137e155642b1ee7cfd98\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e5d99926e3114697291b068e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e5d99926e3114697291b068e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\e5d99926e3114697291b068e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ea1a9eca92d9482b97d26bad\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ea1a9eca92d9482b97d26bad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ea1a9eca92d9482b97d26bad\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\f0c1f65c63fc458aa02cefb0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\f0c1f65c63fc458aa02cefb0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\f0c1f65c63fc458aa02cefb0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fc9fd02c9cba44322e8ee3bf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fc9fd02c9cba44322e8ee3bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fc9fd02c9cba44322e8ee3bf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fc9fd02c9cba44322e8ee3bf\Jaycia
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fd8eb9f20441414e028f629e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fd8eb9f20441414e028f629e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fd8eb9f20441414e028f629e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fdc252543d7f45f12d8a7fa7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fdc252543d7f45f12d8a7fa7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\fdc252543d7f45f12d8a7fa7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ff84d1dcdbd640fbc9bc12b7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ff84d1dcdbd640fbc9bc12b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\2e6c2dc3dc2d44dd5d7c0b89\ff84d1dcdbd640fbc9bc12b7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\35654441c77c450ff18b3595\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\35654441c77c450ff18b3595\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\35654441c77c450ff18b3595\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\51eeea05d1c3473d2bdfabb8\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\51eeea05d1c3473d2bdfabb8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\51eeea05d1c3473d2bdfabb8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\8e39fbfc3be04ee072b8a1a6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\8e39fbfc3be04ee072b8a1a6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\30564830c67c4813344dcea5\c357947034a24a6608d9bda0\8e39fbfc3be04ee072b8a1a6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\139d3da1b8aa481e6069bdaf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\139d3da1b8aa481e6069bdaf\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\15ef1153da124f3a964804b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\15ef1153da124f3a964804b7\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\1dcdf060bea541a946431190\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\1dcdf060bea541a946431190\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\22272e5b80074c7e970804bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\22272e5b80074c7e970804bc\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\24538372437f400ab66e7493\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\24538372437f400ab66e7493\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\276152eb037049ed49246e80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\276152eb037049ed49246e80\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2a1dcd29ffae455751af9790\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2a1dcd29ffae455751af9790\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2c55f75aa7124e56bf89ebb8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2c55f75aa7124e56bf89ebb8\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2ea1affbe4ff42d39af36481\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\2ea1affbe4ff42d39af36481\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\33647bbd1f264bc368786ab3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\33647bbd1f264bc368786ab3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\3d14a9648c8746892a3d98b2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\3d14a9648c8746892a3d98b2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\3f3d44dd81fe4daae8ebd090\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\3f3d44dd81fe4daae8ebd090\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\40b7ec8f3c2045a3eef0ab99\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\40b7ec8f3c2045a3eef0ab99\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\410b14573a8d4d010f20e4b0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\410b14573a8d4d010f20e4b0\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\47add8a04cb040a76e9e8ebb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\47add8a04cb040a76e9e8ebb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\4e805f6a98334ab91d5764a8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\4e805f6a98334ab91d5764a8\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\4eb971aa4748495ff46b12bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\4eb971aa4748495ff46b12bb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5347e7d5357b40768ad9c0a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5347e7d5357b40768ad9c0a1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\598c0cb8ef16416af48d6fb1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\598c0cb8ef16416af48d6fb1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\598c0cb8ef16416af48d6fb1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5c19627ed8e44ac1658613a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5c19627ed8e44ac1658613a9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5d22143347a04ddb3f373899\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\5d22143347a04ddb3f373899\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\60b3365b35e54810ee739a86\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\60b3365b35e54810ee739a86\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\6aa0b3d9ed6b4979becc3cb2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\6aa0b3d9ed6b4979becc3cb2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\7aedbbd504d9499dcd669292\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\7aedbbd504d9499dcd669292\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\7ec8034d58e24e56cfe12bb3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\7ec8034d58e24e56cfe12bb3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\7ec8034d58e24e56cfe12bb3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\81b8655f8a6d497f7650fd87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\81b8655f8a6d497f7650fd87\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\85469a56676e4db632abe4a6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\85469a56676e4db632abe4a6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\92033e5e7dce4d0577915e8d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\92033e5e7dce4d0577915e8d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\97eac325a8704168611ffe96\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\97eac325a8704168611ffe96\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\98554aad14a64bc6cade7d85\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\98554aad14a64bc6cade7d85\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\9a8dc25f622543c3db5bcf8d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\9a8dc25f622543c3db5bcf8d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\aa30f721102749fb2cf4ebac\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\aa30f721102749fb2cf4ebac\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\b7058eb04834431debece384\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\b7058eb04834431debece384\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\b9c8fe03ad3b43059a51b4b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\b9c8fe03ad3b43059a51b4b7\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\c29f5eead65649aa14dd8780\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\c29f5eead65649aa14dd8780\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\ce4e47e722ce402cb72b56a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\ce4e47e722ce402cb72b56a5\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d219c50822f74b648643e690\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d219c50822f74b648643e690\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d2fd44b404cf44d1ea4e05bd\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d2fd44b404cf44d1ea4e05bd\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d3bb4d08cc0f4c91f12f2ba9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d3bb4d08cc0f4c91f12f2ba9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d3bb4d08cc0f4c91f12f2ba9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d49ae21c6423444c4d9857b5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d49ae21c6423444c4d9857b5\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d864e3782dd94ff892f3f2bd\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d864e3782dd94ff892f3f2bd\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d936514949184c2efeba758d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d936514949184c2efeba758d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\6679eb06a3794d3da15691be\d9517518836

#6
Jessikuh

Posted 11 June 2008 - 01:51 AM

Member

Topic Starter
Member
52 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/br...H...RR&d=homerr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\MYDOWN~1\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\MYDOWN~1\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [a02a91f3] rundll32.exe "C:\WINDOWS\system32\hjxwsadn.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9c40c2bfe...ad/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - http://zone.msn.com/...rp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC664F3C-1181-421E-AED6-268E3B3D15BF}: Domain = extremities.com
O20 - Winlogon Notify: urqrqrs - urqrqrs.dll (file missing)
O20 - Winlogon Notify: xxyyw - C:\WINDOWS\system32\xxyyw.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7502 bytes

#7
RatHat

Posted 11 June 2008 - 07:15 AM

Ex Malware Expert

Expert
7,829 posts

Hi there,

That got rid of a lot, but the Combofix log is incomplete. Could you locate it in your C:\ drive, then attach it in your next reply?

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Regards,
RatHat

#8
Jessikuh

Posted 11 June 2008 - 02:09 PM

Member

Topic Starter
Member
52 posts

as i was about to post the full combofix report my computer shut off no warning nothing i was attaching the file and then the screen said windows is shutting down. so I got a bit worried and switched off the power in the back of the computer before it could shut down all the way. I dont want to use that hard drive if it might screw everything up so if it doesnt sound like a malware issue then i will hook up that hard drive again but i dont want to unless you think its okay to try it again

Edited by just change the hard drive, 11 June 2008 - 02:10 PM.

#9
RatHat

Posted 11 June 2008 - 05:44 PM

Ex Malware Expert

Expert
7,829 posts

OK, I need to understand a bit more about your system. The hard drive that you are concerned about, is it an external drive that just contains data, or is it a second drive that contains the operating system?

All your logs point to you having problems with your C: drive. This is where Combofix removed a lot of files from, so I need to know if that is the drive that you are hooking up.

Regards,
RatHat

#10
Jessikuh

Posted 11 June 2008 - 07:29 PM

Member

Topic Starter
Member
52 posts

The hard drive that I'm concerned with contains its own operating system it has no slave drive. My computer case is open and when i say switch the hard drive i mean physically taking the infected hard drive and disconnecting the cable for power and the one that goes to the motherboard and then connecting them to the second hard drive. Both of the hard drives have individual operating systems one has XP and the other one has XP Professional.
I don't think they are technically individual computers because they use the same motherboard or is it the operating system that makes it a computer?

#11
RatHat

Posted 12 June 2008 - 08:36 AM

Ex Malware Expert

Expert
7,829 posts

They share the same hardware, which shouldn't be a problem, as long as there is no MBR rootkit involved (which is unlikely).

Could you hook it up again and attach the Combofix log for me. If you have no problems after hooking it up, then run MBAM as outlined above, and post me that log too.

Regards,
RatHat

#12
Jessikuh

Posted 12 June 2008 - 03:06 PM

Member

Topic Starter
Member
52 posts

#13
Jessikuh

Posted 12 June 2008 - 05:07 PM

Member

Topic Starter
Member
52 posts

Virus tried to return while i was using firefox but i closed it and went to internet explorer (no addons ) and i was able to continue here is the log

Malwarebytes' Anti-Malware 1.17
Database version: 851

3:19:05 PM 6/12/2008
mbam-log-6-12-2008 (15-19-05).txt

Scan type: Quick Scan
Objects scanned: 36686
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0bc117da-b56c-4e47-99cd-f85f6e69b264} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd0822b5-d085-40b2-a662-04d6ca11e90a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4e1a8b6a-20f4-4539-99ae-db782a598fe2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.wascontextmenu (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.wascontextmenu.1 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.shellhook (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.shellhook.1 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{_clsid_washellexecutecheck} (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bpkx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hjxwsadn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndaswxjh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\TTC.dll (Adware.WebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007\WinAntiSpyware 2007.lnk (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007\WinAntiSpyware 2007 Online Manual.lnk (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007\WinAntiSpyware 2007 on the Web.lnk (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007\Contact customer support.lnk (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007\Uninstall WinAntiSpyware 2007.lnk (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db3 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db4 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db5 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\license.txt (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu1000106.exe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.

#14
RatHat

Posted 13 June 2008 - 04:19 AM

Ex Malware Expert

Expert
7,829 posts

Please run SDFix as outline in my first post to you. When complete, download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, DSS will open two Notepad files: main.txt and extra.txt
Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

Next, try to run the Kaspersky scan, and post me the log. Also let me know how your computer is running now.

Regards,
RatHat

#15
Jessikuh

Posted 13 June 2008 - 03:30 PM

Member

Topic Starter
Member
52 posts

just when i thought it was almost fixed

when i tried to reeboot in safe mode for sdfix my computer would not finish booting up it would just stop before it even got to the windows screen it would have a black background and a screen full of text and it just stayed like that for 10 minutes before i turned it off. so i went about it another way using system config i selected to safe mode under boot tab and iwas able to get through but the folder was not there and i dont remember if it was before or after this but on logon screen there was a user logon named administrator this account has password but i did not set any password protected accounts any way i was able to run dss and will post results next