Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

popups and browser hijack

Post by tim s » June 20th, 2007, 11:22 am

Hi hdebo,

Help Tim, I am still getting Norton blocks. It was fine for about 20 minutes, then I started to get Norton blocks that stopped detection of adware.maxsearch, trojan.adclicker, adware.purityscan, adware.surfsidekck, and still getting intrusion to desktop. All this happened while surfing a few car forums and I was on eBay. Sorry to keep bothering you.
I can't thank you enough for all the help. This is a real PIA.



Did Norton block it from coming in, or did it detect it present on your computer, saying you were infected?
You may want to consider updating to IE7 through Windows Update: http://www.windowsupdate.com
That is what I have, and it does take some getting used to.
Make sure your OS has all the latest available security updates installed.

-------------------------------------------------------------------------


Download and install SpywareBlaster 3.5.1

------------------------------------------------------------------------

Let's delete some of the tools I had you download:

Find and delete these
SmitFraudFix.exe and SmitFraudFix Folder
SDFix.exe and C:\SDFix
combofix.exe and C:\QooBox


---------------------------------------------------------------------

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 4.x - 6.x
  • Click Start, click Control Panel, and then click internet and network connections
  • Double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

  • Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Restart computer

-------------------------------------------------------------------------

Re-run online scan

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As button:
    • Save the file to your desktop.
    • File Type: Text file (*.txt).
    • Name: Kav.txt for example
  • Copy and paste that information in your next post.
==========================

Please post in next reply
kaspersky scan report
New HJT log

Post by hdebo » June 20th, 2007, 5:01 pm

Norton looks like it blocks everything. I still get that script error when I open IE the first time after starting windows. Here are the requested logs

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 20, 2007 4:57:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/06/2007
Kaspersky Anti-Virus database records: 349652
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 141098
Number of viruses found: 24
Number of infected objects: 83
Number of suspicious objects: 0
Duration of the scan process: 01:06:52

C:\RECYCLER\NPROTECT\00363353.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363354.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363355.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363356.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363357.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363358.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363359.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363360.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363361.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363362.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363363.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363364.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363365.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363366.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363367.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363368.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363369.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363370.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363371.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363372.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363373.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363374.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363375.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363376.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363377.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363378.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363379.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363380.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363381.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363382.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363383.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363384.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363385.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363386.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363388.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00363389.003 Object is locked skipped
C:\RECYCLER\NPROTECT\00363390.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363391.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363392.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363393.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363394.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363395.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363396.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363397.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363398.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363399.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363400.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363401.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363402.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363403.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363404.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363405.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363406.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363407.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363408.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363409.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363410.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363411.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363412.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363413.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363414.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363415.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363416.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363417.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363418.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363419.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363420.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363421.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363422.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363423.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363424.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363425.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363426.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363427.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363428.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363429.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363430.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363431.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363432.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363433.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363434.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363435.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363436.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363437.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363438.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363439.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363440.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363441.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363442.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363443.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363444.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363445.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363447.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363448.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363451.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363452.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363453.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363454.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363455.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363456.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363458.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363459.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363460.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363461.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363462.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363463.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363464.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363465.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363466.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363467.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363468.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363469.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363470.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363471.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363472.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363473.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363474.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363475.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363476.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363477.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363478.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363479.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363480.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363481.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363482.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363483.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363484.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363485.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363486.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363487.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363488.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363489.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363490.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363491.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363492.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363493.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363494.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363495.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363496.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363497.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363498.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363499.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363500.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363501.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363502.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363503.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363504.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363505.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363506.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363507.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363508.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363509.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363510.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363511.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363512.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363513.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363514.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363515.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363516.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363517.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363518.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363519.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363520.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363521.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363522.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363523.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363524.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363525.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363526.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363527.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363528.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363529.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363530.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363531.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363532.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363533.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363534.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363535.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363536.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363537.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363538.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363539.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363540.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363541.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363542.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363543.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363544.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363545.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363546.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363547.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363548.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363549.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363550.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363551.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363552.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363553.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363554.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363555.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363556.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363557.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363558.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363559.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363560.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363561.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363562.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363563.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363564.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363565.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363566.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363567.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363568.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363569.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363570.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363571.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363572.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363573.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363574.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363575.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363576.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363577.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363578.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363579.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363580.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363581.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363582.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363583.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363584.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363585.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363586.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363587.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363588.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363589.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363590.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363591.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363592.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363593.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363594.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363595.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363596.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363597.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363598.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363599.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363600.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363601.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363602.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363603.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363604.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363605.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363606.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363607.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363608.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363609.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363610.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363611.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363612.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363613.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363614.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363615.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363616.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363617.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363618.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363619.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363620.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363621.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363622.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363623.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363624.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363625.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363626.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363627.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363628.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363629.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363630.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363631.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363632.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363633.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363634.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363635.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363636.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363637.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363638.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363639.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363640.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363641.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363642.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363643.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363644.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363645.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363646.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363647.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363648.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363649.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363650.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363651.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363652.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363653.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363654.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363655.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363656.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363657.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363658.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363659.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363660.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363661.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363662.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363663.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363664.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363665.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363666.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363667.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363668.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363669.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363670.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363671.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363672.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363673.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363674.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363675.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363676.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363677.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363678.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363679.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363680.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363681.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363682.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363683.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363684.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363685.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363686.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363687.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363688.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363689.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363690.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363691.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363692.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363693.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363694.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363695.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363696.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363697.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363698.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363699.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363700.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363701.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363702.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363703.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363704.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363705.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363706.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363707.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363708.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363709.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363710.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363711.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363712.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363713.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363714.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363715.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363716.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363717.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363718.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363719.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363720.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363721.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363722.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363723.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363725.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363726.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363727.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363728.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363729.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363730.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363731.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363732.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363733.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363734.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363735.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363736.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363737.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363738.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363739.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363740.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363741.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363742.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363743.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363744.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363745.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363746.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363747.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363748.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363749.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363750.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363751.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363752.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363753.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363754.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363755.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363756.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363757.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363758.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363759.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363760.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363761.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363762.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363763.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363764.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363765.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363766.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363767.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363768.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363769.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363770.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363771.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363772.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363773.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363774.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363775.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363776.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363777.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363778.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363779.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363780.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363781.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363782.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363783.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363784.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363785.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363786.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363787.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363788.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363789.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363790.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363791.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363792.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363793.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363794.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363795.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363796.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363797.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363798.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363799.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363800.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363801.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363802.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363803.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363804.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363805.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363806.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363807.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363808.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363809.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363810.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363811.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363812.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363813.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363814.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363815.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363816.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363817.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363818.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363819.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363820.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363821.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363822.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363823.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363824.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363825.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363826.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363827.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363828.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363829.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363830.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363831.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363832.DBM Object is locked skipped
C:\RECYCLER\NPROTECT\00363833.DBM Object is locked skipped
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm

Unread postby hdebo » June 20th, 2007, 6:43 pm

One thing that I did today that might help is I ran the vundo tool after my last post and it removed about 5 files. I forgot to write them down but here is the HJT after the vundo removal. I don't know if this will help.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:43:24 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\retadpu2000219.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\DOCUME~1\HDebo\LOCALS~1\Temp\wiglrxpe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\analyse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C157A695-B31D-426F-9455-1801B7F0B4A0} - C:\Program Files\Online Services\sademowu43855.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: DomainService - - C:\DOCUME~1\HDebo\LOCALS~1\Temp\wiglrxpe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm

Unread postby tim s » June 20th, 2007, 7:11 pm

Hi hdebo,

Please try not to surf the internet or download anything until we get the computer clean. Your computer shows infection back to the beginning. Thanks

ReRun winpfind3u

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-Disabled MS Config items
    • Put a checkmark in the box next to Reg-IE CmdMapping
    • Put a checkmark in the box next to Reg-Uninstall List
    • Put a checkmark in the box next to File-Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Use the Add Reply button and Copy/Paste the information back here.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into separate reply posts.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby hdebo » June 20th, 2007, 7:35 pm

Here is the log you asked for. I noticed even if I am not on the internet Norton still blocks intrusions.
WinPFind3 logfile created on: 6/20/2007 7:16:14 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\HDebo\Desktop\New Folder (3)\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.73 Mb Total Physical Memory | 683.00 Mb Available Physical Memory | 66.78% Memory free
2.40 Gb Paging File | 2.13 Gb Available in Paging File | 88.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 12.43 Gb Free Space | 33.35% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 37.27 Gb Total Space | 2.39 Gb Free Space | 6.40% Space Free

Computer Name: DESKTOP
Current User Name: HDebo
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
popups~1.exe -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\POPUPS~1.EXE1158317775 -> Panicware, Inc. [Ver = 1, 80, 0, 1000 | Size = 516096 bytes | Modified Date = 6/1/2005 4:09:02 PM | Attr = ]
retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe -> [Ver = 1, 0, 0, 6 | Size = 40960 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 2:54:00 PM | Attr = ]
wiglrxpe.exe -> %LocalSettings%\Temp\wiglrxpe.exe -> [Ver = 1, 0, 0, 1 | Size = 122944 bytes | Modified Date = 6/20/2007 5:19:58 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\New Folder (3)\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 1/26/2006 8:57:00 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %LocalSettings%\Temp\wiglrxpe.exe -> [Ver = 1, 0, 0, 1 | Size = 122944 bytes | Modified Date = 6/20/2007 5:19:58 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 3:54:22 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 3:11:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.41 | Size = 2918008 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:16 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 2:54:00 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 8/2/2005 2:18:50 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 5/7/2004 10:41:04 AM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 4:24:54 AM | Attr = ]
runner1 -> %SystemRoot%\retadpu2000219.exe -> [Ver = 1, 0, 0, 6 | Size = 40960 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:16 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PopUpStopperProfessional -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\POPUPS~1.EXE1158317775 -> Panicware, Inc. [Ver = 1, 80, 0, 1000 | Size = 516096 bytes | Modified Date = 6/1/2005 4:09:02 PM | Attr = ]
WinPop -> %ProgramFiles%\WinPop\winpop.exe -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhhed.dll [] -> [Ver = | Size = 31254 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 1/24/2006 11:46:38 PM | Attr = ]
ddabc -> %System32%\ddabc.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/20/2007 6:45:08 PM | Attr = ]
jkkhhed -> %System32%\jkkhhed.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://my.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 4:39:02 PM | Attr = ]
{445B35C9-CF66-4ADE-A407-B44D7C5C9648} [HKLM] -> %System32%\jkkjh.dll [Reg Data - Value does not exist] -> File not found
{4D6ED517-E7D5-4FA0-95F8-358268C051A0} [HKLM] -> %System32%\ddabc.dll [Reg Data - Value does not exist] -> [Ver = | Size = 266336 bytes | Modified Date = 6/20/2007 6:45:08 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{C157A695-B31D-426F-9455-1801B7F0B4A0} [HKLM] -> %ProgramFiles%\Online Services\sademowu43855.dll [] -> [Ver = | Size = 163840 bytes | Modified Date = 6/14/2007 7:54:52 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhhed.dll [Reg Data - Value does not exist] -> [Ver = | Size = 31254 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{CB789373-04D5-4EF4-9C16-871463FD0830} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Download All Links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 6:13:14 AM | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 12:31:10 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{59AD5291-8F8C-42D7-B359-60BD93EE27AE} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{7995F828-5A70-4C71-AA51-CE344BB64C4A} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 2:43:58 PM | Attr = ]
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe -> File not found
ihsService.exe -> %ProgramFiles%\Sunbelt Software\iHateSpam\ihsService.exe -> Sunbelt Software, Inc. [Ver = 4.00.0633 | Size = 381025 bytes | Modified Date = 11/1/2006 5:00:54 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 3:54:24 PM | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 12:09:00 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 3:11:10 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 11:57:00 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 5/29/2003 4:28:32 PM | Attr = ]
Uniblue RegistryBooster2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8195 - Reg Data - Key not found ->
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -> 8197 - Reg Data - Key not found ->
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -> 8198 - Reg Data - Key not found ->
{4D0C4820-53F7-4d79-A2E1-5252683CF69C} -> 8200 - Reg Data - Key not found ->
{7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} -> 8201 - Reg Data - Key not found ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8199 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8194 - Reg Data - Key not found ->
{E908B145-C847-4e85-B315-07E2E70DECF8} -> 8196 - Reg Data - Key not found ->
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} -> 8202 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Reg Data - Key not found ->
NextId -> 8203 ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate ->
{1CB92574-96F2-467B-B793-5CEB35C40C29} -> Image Resizer Powertoy for Windows XP ->
{228F6876-A313-40A3-91C0-C3CBE6997D09} -> Symantec ->
{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} -> Internet Worm Protection ->
{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} -> SymNet ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 ->
{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} -> Norton AntiVirus Help ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} -> ccCommon ->
{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE} -> QuickTime ->
{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6} -> iTunes ->
{5B433733-BB31-4B40-BCBA-DDED37626641} -> Apple Software Update ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{774AB137-1D3E-42E2-A125-95A00216F319} -> Symantec Real Time Storage Protection Component ->
{77772678-817F-4401-9301-ED1D01A8DA56} -> SPBBC 32bit ->
{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747} -> Ad-Aware SE Personal ->
{830D8CBD-C668-49e2-A969-C2C2106332E0} -> Norton AntiVirus ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} -> Norton Protection Center ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{AB303F84-0D57-4F50-9C44-44706180505D} -> ATI Catalyst Control Center ->
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter ->
{C054279D-E66C-48BB-91B3-C89970D0061E} -> iHateSpam ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} -> Norton AntiVirus SYMLT MSI ->
{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} -> LiveUpdate Notice (Symantec Corporation) ->
{E5EE9939-259F-4DE2-8023-5C49E16A4F43} -> Norton AntiVirus Parent MSI ->
{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} -> AppCore ->
{F4DB525F-A986-4249-B98B-42A8066251CA} -> AV ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
All ATI Software -> ATI - Software Uninstall Utility ->
AsfTools 3.1 -> AsfTools 3.1 (remove only) ->
ATI Display Driver -> ATI Display Driver ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
AVI Splitter_is1 -> AVI Splitter ->
BitComet -> BitComet 0.60 ->
CCleaner -> CCleaner (remove only) ->
Cool's_Codec_pack_4.12 -> Codec Pack - All In 1 6.0.3.0 ->
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Co~546FA5AA_is1 -> Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.2 ->
Easy Video Joiner_is1 -> Easy Video Joiner 5.21 ->
HijackThis -> HijackThis 1.99.1 ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB898461 -> Update for Windows XP (KB898461) ->
LiveUpdate -> LiveUpdate 3.2 (Symantec Corporation) ->
MPEG Encoder 3 -> MPEG Encoder 3 ->
Nero - Burning Rom!UninstallKey -> Nero 6 Ultra Edition ->
NeroVision!UninstallKey -> NeroVision Express 2 ->
Panda ActiveScan -> Panda ActiveScan ->
Pop-Up Stopper Professional -> Pop-Up Stopper Professional ->
RealAlt_is1 -> Real Alternative 1.51 ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
SpywareBlaster_is1 -> SpywareBlaster v3.5.1 ->
ST4UNST #1 -> Peck's Power Join ->
SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0} -> Norton AntiVirus (Symantec Corporation) ->
TrojanHunter_is1 -> TrojanHunter 4.6 ->
Tweak UI 2.10 -> Tweak UI ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
Winamp -> Winamp (remove only) ->
WinAVIVideoConverter_is1 -> WinAVIVideoConverter ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
Windows Media Player -> Windows Media Player 10 ->
WinPcapInst -> WinPcap 3.1 ->
WinRAR archiver -> WinRAR archiver ->
Yahoo! Companion -> Yahoo! Toolbar ->
Yahoo! Messenger -> Yahoo! Messenger ->
Yahoo! Toolbar -> Yahoo! Toolbar ->
YInstHelper -> Yahoo! Install Manager ->


[Files/Folders - Created Within 60 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 5/10/2007 5:54:09 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 6/14/2007 7:01:20 PM | Attr = ]
hidownload -> %SystemDrive%\hidownload -> [Folder | Created Date = 5/29/2007 7:35:52 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/17/2007 6:35:55 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/16/2007 6:25:19 PM | Attr = ]
$NtUninstallKB898461$ -> %SystemRoot%\$NtUninstallKB898461$ -> [Folder | Created Date = 5/10/2007 5:49:44 PM | Attr = H ]
b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 99855 bytes | Created Date = 6/12/2007 6:12:50 AM | Attr = ]
b136.exe -> %SystemRoot%\b136.exe -> [Ver = | Size = 123544 bytes | Created Date = 6/5/2007 10:51:40 AM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 6/14/2007 12:10:17 PM | Attr = ]
IDMan.INI -> %SystemRoot%\IDMan.INI -> [Ver = | Size = 68 bytes | Created Date = 6/3/2007 7:35:31 AM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 6/4/2007 3:07:03 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/10/2007 3:44:24 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/10/2007 3:44:24 PM | Attr = H ]
retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe -> [Ver = 1, 0, 0, 6 | Size = 40960 bytes | Created Date = 6/20/2007 4:14:18 AM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 6/19/2007 5:17:13 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 5/16/2007 6:17:38 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/22/2007 8:38:10 AM | Attr = ]
cbadd.bak1 -> %System32%\cbadd.bak1 -> [Ver = | Size = 6530 bytes | Created Date = 6/20/2007 5:45:19 PM | Attr = HS]
cbadd.ini -> %System32%\cbadd.ini -> [Ver = | Size = 6727 bytes | Created Date = 6/20/2007 5:45:08 PM | Attr = HS]
close.vbs -> %System32%\close.vbs -> [Ver = | Size = 454 bytes | Created Date = 5/28/2007 5:03:30 AM | Attr = ]
ddabc.dll -> %System32%\ddabc.dll -> [Ver = | Size = 266336 bytes | Created Date = 6/20/2007 5:45:05 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/22/2007 8:37:44 AM | Attr = ]
hjkkj.bakt -> %System32%\hjkkj.bakt -> [Ver = | Size = 1813912 bytes | Created Date = 6/20/2007 4:19:45 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
jkkhhed.dll -> %System32%\jkkhhed.dll -> [Ver = | Size = 31254 bytes | Created Date = 6/20/2007 4:14:19 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 6/14/2007 8:23:38 PM | Attr = ]
locate.com -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 4/22/2007 9:55:04 AM | Attr = ]
MSINET.oca -> %System32%\MSINET.oca -> [Ver = | Size = 29184 bytes | Created Date = 4/26/2007 12:30:14 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 5/16/2007 6:17:42 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 5/10/2007 5:49:46 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 6/13/2007 10:27:15 PM | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Created Date = 6/17/2007 6:34:35 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/22/2007 8:37:44 AM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
win -> %System32%\win -> [Folder | Created Date = 6/13/2007 6:18:53 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 5/16/2007 6:18:17 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/14/2007 4:35:06 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 6/14/2007 4:35:05 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 6/14/2007 8:23:40 PM | Attr = ]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 5/10/2007 5:50:15 PM | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Created Date = 5/17/2007 4:12:37 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 6/14/2007 4:35:13 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Created Date = 6/13/2007 10:28:05 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 6/1/2007 3:19:56 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 6/4/2007 3:01:52 PM | Attr = ]
chevelle -> %UserDesktop%\chevelle -> [Folder | Created Date = 6/20/2007 7:29:04 AM | Attr = ]
MalWare Removal View topic - popups and browser hijack.htm -> %UserDesktop%\MalWare Removal View topic - popups and browser hijack.htm -> [Ver = | Size = 172160 bytes | Created Date = 6/20/2007 12:36:55 PM | Attr = ]
MalWare Removal View topic - popups and browser hijack_files -> %UserDesktop%\MalWare Removal View topic - popups and browser hijack_files -> [Folder | Created Date = 6/20/2007 6:14:22 PM | Attr = ]
New Folder (2) -> %UserDesktop%\New Folder (2) -> [Folder | Created Date = 6/6/2007 6:43:15 PM | Attr = ]
New Folder (3) -> %UserDesktop%\New Folder (3) -> [Folder | Created Date = 6/16/2007 5:43:36 AM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 725 bytes | Created Date = 6/20/2007 12:27:54 PM | Attr = ]
spywareblastersetup351.exe -> %UserDesktop%\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Created Date = 6/20/2007 12:25:06 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spywareblastersetup351.exe:Zone.Identifier ->
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 5/10/2007 6:00:30 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/2/2007 12:53:40 AM | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 6/19/2007 6:17:16 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/1/2007 3:43:44 PM | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/1/2007 12:33:20 AM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 6/18/2007 8:44:14 PM | Attr = ]
hidownload -> %SystemDrive%\hidownload -> [Folder | Modified Date = 5/29/2007 8:39:06 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/20/2007 6:40:36 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/1/2007 11:53:58 PM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/20/2007 4:33:22 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/2/2007 12:51:30 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/20/2007 6:38:00 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/20/2007 6:45:06 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/19/2007 7:38:24 PM | Attr = ]
b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 99855 bytes | Modified Date = 6/12/2007 4:12:50 AM | Attr = ]
b136.exe -> %SystemRoot%\b136.exe -> [Ver = | Size = 123544 bytes | Modified Date = 6/5/2007 8:51:40 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/20/2007 6:39:54 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Modified Date = 6/5/2007 5:24:04 AM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 6/19/2007 6:26:16 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/19/2007 7:38:40 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 6/14/2007 1:10:18 PM | Attr = ]
IDMan.INI -> %SystemRoot%\IDMan.INI -> [Ver = | Size = 68 bytes | Modified Date = 6/18/2007 3:35:30 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/14/2007 9:23:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/1/2007 3:43:48 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/19/2007 9:15:02 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 6/4/2007 4:07:04 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/20/2007 6:45:20 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/10/2007 4:44:26 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/14/2007 7:41:14 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/17/2007 12:34:10 AM | Attr = ]
retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe -> [Ver = 1, 0, 0, 6 | Size = 40960 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/19/2007 7:41:14 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 893 bytes | Modified Date = 6/17/2007 1:36:36 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/20/2007 7:16:20 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 6/20/2007 7:16:24 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 526 bytes | Modified Date = 6/2/2007 12:53:40 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - HDebo.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job -> [Ver = | Size = 572 bytes | Modified Date = 6/15/2007 7:25:44 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/20/2007 6:40:02 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 6/19/2007 7:41:18 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/20/2007 5:17:44 PM | Attr = ]
cbadd.bak1 -> %System32%\cbadd.bak1 -> [Ver = | Size = 6530 bytes | Modified Date = 6/20/2007 6:45:20 PM | Attr = HS]
cbadd.ini -> %System32%\cbadd.ini -> [Ver = | Size = 6727 bytes | Modified Date = 6/20/2007 7:16:20 PM | Attr = HS]
config -> %System32%\config -> [Folder | Modified Date = 6/19/2007 7:41:34 PM | Attr = ]
ddabc.dll -> %System32%\ddabc.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/20/2007 6:45:08 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/14/2007 1:07:54 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/20/2007 6:32:48 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/19/2007 7:01:30 PM | Attr = ]
hjkkj.bakt -> %System32%\hjkkj.bakt -> [Ver = | Size = 1813912 bytes | Modified Date = 6/20/2007 5:19:46 PM | Attr = ]
jkkhhed.dll -> %System32%\jkkhhed.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 6/14/2007 9:23:40 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 6/19/2007 7:01:30 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/2/2007 12:51:30 AM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 6/13/2007 11:27:20 PM | Attr = R ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Modified Date = 6/17/2007 7:34:36 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/19/2007 7:01:30 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/19/2007 7:44:24 PM | Attr = ]
win -> %System32%\win -> [Folder | Modified Date = 6/13/2007 7:18:54 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/20/2007 1:35:18 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 6/20/2007 4:28:06 AM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 6/14/2007 5:35:06 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 6/14/2007 9:23:42 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 6/17/2007 1:26:44 AM | Attr = ]
DMCache -> %UserAppData%\DMCache -> [Folder | Modified Date = 6/20/2007 10:27:18 AM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 6/14/2007 5:35:14 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Modified Date = 6/13/2007 11:28:06 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 6/1/2007 4:19:58 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4321778 bytes | Modified Date = 6/1/2007 11:48:22 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 6/20/2007 5:01:52 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 6/4/2007 4:01:54 PM | Attr = ]
Anti Malware Tools -> %UserDocuments%\Anti Malware Tools -> [Folder | Modified Date = 6/1/2007 9:59:22 AM | Attr = ]
Sexy -> %UserDocuments%\Sexy -> [Folder | Modified Date = 6/15/2007 11:11:02 PM | Attr = ]
chevelle -> %UserDesktop%\chevelle -> [Folder | Modified Date = 6/20/2007 8:34:42 AM | Attr = ]
MalWare Removal View topic - popups and browser hijack.htm -> %UserDesktop%\MalWare Removal View topic - popups and browser hijack.htm -> [Ver = | Size = 172160 bytes | Modified Date = 6/20/2007 7:14:24 PM | Attr = ]
MalWare Removal View topic - popups and browser hijack_files -> %UserDesktop%\MalWare Removal View topic - popups and browser hijack_files -> [Folder | Modified Date = 6/20/2007 7:14:24 PM | Attr = ]
New Folder (2) -> %UserDesktop%\New Folder (2) -> [Folder | Modified Date = 6/6/2007 10:50:14 PM | Attr = ]
New Folder (3) -> %UserDesktop%\New Folder (3) -> [Folder | Modified Date = 6/20/2007 1:34:00 PM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 725 bytes | Modified Date = 6/20/2007 1:27:56 PM | Attr = ]
spywareblastersetup351.exe -> %UserDesktop%\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 6/20/2007 1:25:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spywareblastersetup351.exe:Zone.Identifier ->
Vid -> %UserDesktop%\Vid -> [Folder | Modified Date = 6/18/2007 10:45:52 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 6/19/2007 7:23:22 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , -> %SystemRoot%\retadpu2000219.exe -> [Ver = 1, 0, 0, 6 | Size = 40960 bytes | Modified Date = 6/20/2007 5:14:20 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.0.1.435 | Size = 58368 bytes | Modified Date = 7/25/2005 2:06:20 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 10/16/2001 10:50:04 AM | Attr = ]
WSUD , -> %System32%\dwSock6.dll -> Desaware Inc. [Ver = 1.01.0007 | Size = 200704 bytes | Modified Date = 8/26/2003 9:54:24 AM | Attr = ]
UPX! , -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 1/13/2005 10:41:48 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 10:46:24 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 10/16/2001 10:54:26 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 10/16/2001 11:48:56 AM | Attr = ]
PTech , -> %UserAppData%\Picture Patrol O Groups -> [Ver = | Size = 808074 bytes | Modified Date = 1/4/2005 12:23:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\1400.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_app_chart.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_faq.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_owners_manual.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ISORecorderV2RC1.msi:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\PPJ11bf.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spywareblastersetup351.exe:Zone.Identifier ->
Thawte Consulting , -> %UserDesktop%\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 6/20/2007 1:25:08 PM | Attr = ]

< End of report >
hdebo

Post by tim s » June 20th, 2007, 8:43 pm

Hi hdebo

Please do the following:

Start WinPFind3U.
Copy/Paste the information that is inside of the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
NOTE* (Make sure to highlight and copy only what is inside of the quote box, nothing outside of it.)

[Processes - Non-Microsoft Only]
YY -> retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe
YY -> wiglrxpe.exe -> %LocalSettings%\Temp\wiglrxpe.exe
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %LocalSettings%\Temp\wiglrxpe.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> runner1 -> %SystemRoot%\retadpu2000219.exe
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhhed.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> ddabc -> %System32%\ddabc.dll
YY -> jkkhhed -> %System32%\jkkhhed.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {4D6ED517-E7D5-4FA0-95F8-358268C051A0} [HKLM] -> %System32%\ddabc.dll [Reg Data - Value does not exist]
YY -> {C157A695-B31D-426F-9455-1801B7F0B4A0} [HKLM] -> %ProgramFiles%\Online Services\sademowu43855.dll []
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhhed.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 60 days]
NY -> b122.exe -> %SystemRoot%\b122.exe
NY -> b136.exe -> %SystemRoot%\b136.exe
NY -> retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe
NY -> cbadd.bak1 -> %System32%\cbadd.bak1
NY -> cbadd.ini -> %System32%\cbadd.ini
NY -> ddabc.dll -> %System32%\ddabc.dll
NY -> hjkkj.bakt -> %System32%\hjkkj.bakt
NY -> jkkhhed.dll -> %System32%\jkkhhed.dll
NY -> MSINET.oca -> %System32%\MSINET.oca
[Files/Folders - Modified Within 30 days]
NY -> b122.exe -> %SystemRoot%\b122.exe
NY -> b136.exe -> %SystemRoot%\b136.exe
NY -> retadpu2000219.exe -> %SystemRoot%\retadpu2000219.exe
NY -> cbadd.bak1 -> %System32%\cbadd.bak1
NY -> cbadd.ini -> %System32%\cbadd.ini
NY -> ddabc.dll -> %System32%\ddabc.dll
NY -> hjkkj.bakt -> %System32%\hjkkj.bakt
NY -> jkkhhed.dll -> %System32%\jkkhhed.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , -> %SystemRoot%\retadpu2000219.exe


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished.
Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.
NOTE* If for some reason Notepad does not open with the log of actions taken,
the log will be in the WinPFind3U folder and will have a name like this:

(mmddyyyy_hhmmss.log)

Just copy and paste that log in your next reply.


-----------------------------------------------------------------

This is next:

Open Notepad (not WordPad) and copy and paste the following into it:


Code:
# Copyright © 1993-1999 Microsoft Corp.
#  
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#  
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#  
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#  
# For example:
#  
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#  
127.0.0.1 localhost


Next, go to the File menu at the top of Notepad and choose Save As.

Name the file "Hosts" (The quotation marks prevent Windows from giving the file an extension, which by default for Notepad will be .txt.)

Now save this to your desktop for now so we can put it in the correct folder.

Now we are going to navigate to this folder:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC
  • Click on Start, then My Computer
  • Double-click the C: drive to open it
  • Double-click the Windows folder to open it
  • Locate the SYSTEM32 folder and open it
  • Locate the DRIVERS folder and open it
  • Locate the ETC folder and open it
  • Now slide the Hosts file you saved to your desktop into this folder. (NOTE* If you get a message that the file already exists and asking whether you wish to replace it, click Yes.)

Close all open windows and restart computer.

------------------------------------------------------------------------------------

Now try this again

Please do the following.

Download HostsXpert and unzip it to your desktop.
Open HostsXpert, which you unzipped to your desktop earlier
Click "Make Hosts Writable?" in the upper right corner (if available)
Click "Restore Microsoft's Original Hosts File" and then click OK
Close HostsXpert

Restart the computer here.

----------------------------------------------------------------

Here we are going to clean out temp files from your computer.

Re-run CCleaner
  • Double click the CCleaner shortcut on the desktop to start the program.
    • On the Windows tab, under Internet Explorer,
      • All Boxes should have a check mark. (You will need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit).
    • On the Windows tab, under Windows Explorer,
      • All Boxes should have a check mark.
    • On the Windows tab, under System,
      • All Boxes should have a check mark.
    • On the Windows tab, under Advanced,
      • NO check marks
  • If you use either the Firefox or Mozilla browsers, the box to put check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked move to next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • You will need to reboot here if not asked to do so.
_______________________________

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Open AVG Anti-Spyware:


  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports. NOTE* If this is not selected you will not be able to click Save Scan Report button when instructed to do so.
    • Under What to scan? - Select Scan every file.
Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware:
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Open AVG Anti-Spyware program.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Restart computer back into normal mode.

-----------------------------------------------------------

Post these in next reply:
WinpFind3u log located in WinpFind3u folder (mmddyyyy_hhmmss.log)
AVG Anti-Spyware report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by hdebo » June 20th, 2007, 11:03 pm

I ran all the tests but still had trouble running HostsXpert. Here are the other logs requested. Thank you again for all the help.

[Processes - Non-Microsoft Only]
Process retadpu2000219.exe killed successfully.
C:\WINDOWS\retadpu2000219.exe moved successfully.
Unable to kill process wiglrxpe.exe .
C:\Documents and Settings\HDebo\Local Settings\Temp\wiglrxpe.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service DomainService stopped successfully.
Service DomainService deleted successfully.
File C:\Documents and Settings\HDebo\Local Settings\Temp\wiglrxpe.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
File C:\WINDOWS\retadpu2000219.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddabc deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ddabc.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhhed deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6ED517-E7D5-4FA0-95F8-358268C051A0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D6ED517-E7D5-4FA0-95F8-358268C051A0} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ddabc.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C157A695-B31D-426F-9455-1801B7F0B4A0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C157A695-B31D-426F-9455-1801B7F0B4A0} deleted successfully.
C:\Program Files\Online Services\sademowu43855.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 60 days]
File C:\WINDOWS\b122.exe not found!
C:\WINDOWS\b136.exe moved successfully.
File C:\WINDOWS\retadpu2000219.exe not found!
C:\WINDOWS\SYSTEM32\cbadd.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\cbadd.ini moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\ddabc.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\hjkkj.bakt moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\MSINET.oca moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\b122.exe not found!
File C:\WINDOWS\b136.exe not found!
File C:\WINDOWS\retadpu2000219.exe not found!
File C:\WINDOWS\SYSTEM32\cbadd.bak1 not found!
File C:\WINDOWS\SYSTEM32\cbadd.ini not found!
File move failed. C:\WINDOWS\SYSTEM32\ddabc.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\hjkkj.bakt not found!
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\retadpu2000219.exe not found!
< End of log >
Created on 06/20/2007 22:03:06

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:56:44 PM 6/20/2007

+ Scan result:



C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003827.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003755.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003756.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003757.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003805.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003806.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{138B4596-94AF-4C6B-B0CE-7C09C0FF9E41}\RP36\A0003807.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\b129.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\HDebo\Desktop\New Folder (3)\WinPFind3u\MovedFiles\WINDOWS\b136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\Documents and Settings\HDebo\Cookies\hdebo@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\HDebo\Cookies\hdebo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HDebo\Desktop\New Folder (3)\WinPFind3u\MovedFiles\Documents and Settings\HDebo\Local Settings\Temp\wiglrxpe.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:02:32 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AF249272-6A56-43C4-BCE2-715C52C444C3} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm
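
Added example (not part of the thread, and not code from any of the tools used in it): the fix log in the post above reports Winlogon Notify and BHO keys as deleted and two DLL moves as deferred to reboot, while the HijackThis log saved about an hour later still lists entries for the same DLLs. The Python sketch below cross-checks the two logs; the log excerpts are copied from the post, and the function names and regular expressions are assumptions made for this illustration.

```python
import re

# Excerpt of the fix log posted above (lines copied from the thread).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddabc deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ddabc.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhhed deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\jkkhhed.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6ED517-E7D5-4FA0-95F8-358268C051A0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
C:\Program Files\Online Services\sademowu43855.dll moved successfully.
"""

# Excerpt of the HijackThis log posted above (lines copied from the thread).
HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {AF249272-6A56-43C4-BCE2-715C52C444C3} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

MOVE_FAILED = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
REG_DELETED = re.compile(r"^Registry (?:key|value) (.+?) deleted successfully\.$")
HJT_O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)( \(file missing\))?$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")


def parse_fix_log(text):
    """Return (files whose move was deferred to reboot, autostart entries reported deleted)."""
    pending, deleted = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = MOVE_FAILED.match(line)
        if m:
            pending.add(m.group(1).lower())  # Windows paths are case-insensitive
            continue
        m = REG_DELETED.match(line)
        if m:
            parent, _, leaf = m.group(1).rpartition("\\")
            parent = parent.lower()
            if parent.endswith("browser helper objects"):
                deleted.add(("O2", leaf.upper()))   # leaf is the BHO CLSID
            elif parent.endswith("winlogon\\notify"):
                deleted.add(("O20", leaf.lower()))  # leaf is the Notify subkey name
    return pending, deleted


def parse_hjt_autostarts(text):
    """Extract O2 (BHO) and O20 (Winlogon Notify) entries from a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O2.match(line)
        if m:
            entries.append({"section": "O2", "ident": m.group(2).upper(),
                            "path": m.group(3).lower(), "missing": bool(m.group(4))})
            continue
        m = HJT_O20.match(line)
        if m:
            entries.append({"section": "O20", "ident": m.group(1).lower(),
                            "path": m.group(2).lower(), "missing": bool(m.group(3))})
    return entries


def cross_check(fix_text, hjt_text):
    """Flag autostart entries in the later HJT log that the earlier fix did not settle."""
    pending, deleted = parse_fix_log(fix_text)
    findings = []
    for e in parse_hjt_autostarts(hjt_text):
        reasons = []
        if (e["section"], e["ident"]) in deleted:
            reasons.append("entry reported deleted by the fix, listed again")
        if e["path"] in pending:
            reasons.append("target file was only scheduled to be moved on reboot")
        if e["missing"]:
            reasons.append("orphaned entry (file missing)")
        if reasons:
            findings.append((e["section"], e["ident"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, ident, path, reasons in cross_check(FIX_LOG, HJT_LOG):
        print(f"{section} {ident} -> {path}")
        for reason in reasons:
            print(f"    - {reason}")
```
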

Post by tim s » June 20th, 2007, 11:20 pm

Hi hdebo,

OK, now I need you to make sure to download fresh, updated copies of the tools here. If you still have copies from before, delete them before following the fix.

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
-----------------------------------------------------

Next do the following:
1. Download this file - combofix.exe
2. Close all open windows.
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. It is located >> C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


-----------------------------------------------------------------------

Please post in next reply
C:\vundofix.txt
C:\ComboFix.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by hdebo » June 21st, 2007, 1:33 am

Here are the requested logs.
Vundo

VundoFix V4.2.73

Checking Java version...

Java version is 1.4.2.4

Java version is 1.5.0.2

Java version is 1.5.0.9

Scan started at 6:53:46 PM 5/10/2007

Listing files found while scanning....


No infected files were found.


VundoFix V4.2.73

Checking Java version...

Java version is 1.4.2.4

Java version is 1.5.0.2

Java version is 1.5.0.9

Scan started at 7:24:43 PM 5/15/2007

Listing files found while scanning....


C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vtutu.dll
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V4.2.73

Checking Java version...

Java version is 1.4.2.4

Java version is 1.5.0.2

Java version is 1.5.0.9

Scan started at 7:29:02 PM 5/15/2007

Listing files found while scanning....


C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.73

Checking Java version...

Java version is 1.4.2.4

Java version is 1.5.0.2

Java version is 1.5.0.9

Scan started at 7:32:29 PM 5/15/2007

Listing files found while scanning....


No infected files were found.


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:25:19 PM 5/16/2007

Listing files found while scanning....

c:\windows\servicepackfiles\i386\odbctask.dll
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\jkkli.dll

Beginning removal...

Attempting to delete c:\windows\servicepackfiles\i386\odbctask.dll
c:\windows\servicepackfiles\i386\odbctask.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\ilkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\ilkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete c:\windows\servicepackfiles\i386\odbctask.dll
c:\windows\servicepackfiles\i386\odbctask.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:40:05 PM 5/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ddaya.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:53:55 PM 5/16/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 5:13:38 PM 6/1/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:34:23 PM 6/8/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:01:08 PM 6/10/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:26:22 AM 6/13/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 8:33:22 PM 6/13/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:03:07 AM 6/17/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:54:07 AM 6/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 6:33:44 PM 6/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\jkkjh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\hjkkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 1:14:24 AM 6/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Combofix
ComboFix 07-06-18.2 - C:\Documents and Settings\HDebo\Desktop\ComboFix.exe
"HDebo" - 2007-06-21 1:23:05 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\core


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-20 13:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-20 05:17 <DIR> d-------- C:\Program Files\WinPop
2007-06-20 05:14 31,254 --a------ C:\WINDOWS\system32\jkkhhed.dll
2007-06-17 19:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 19:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 19:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 19:34 2,066 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-14 21:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-14 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-06-14 17:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-14 13:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 23:28 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\TrojanHunter
2007-06-13 23:27 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-06-13 07:18 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-04 16:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-01 16:19 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\Uniblue
2007-06-01 00:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1.DES\NTUSER.DAT
2007-05-29 20:35 <DIR> d-------- C:\hidownload
2007-05-28 06:03 454 --a------ C:\WINDOWS\system32\close.vbs


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 03:02:29 -------- d-----w C:\Program Files\HJT
2007-06-20 14:27:17 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\DMCache
2007-06-20 09:14:23 -------- d-----w C:\Program Files\Online Services
2007-06-19 23:27:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-19 23:23:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-18 06:16:09 -------- d-----w C:\Program Files\BitComet
2007-06-14 00:51:18 -------- d-----w C:\Program Files\Easy Video Joiner
2007-05-30 00:15:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 23:57:26 -------- d-----w C:\Program Files\WinPcap
2007-05-10 23:00:55 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\Lavasoft
2007-05-10 23:00:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-10 23:00:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 11:38:55 -------- d-----w C:\Program Files\Internet Download Manager
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBFC.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{153CCF78-FC01-4E22-A91B-FBBCBECC9795}=C:\WINDOWS\system32\ddabc.dll []
{445B35C9-CF66-4ADE-A407-B44D7C5C9648}=C:\WINDOWS\system32\jkkjh.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\jkkhhed.dll [2007-06-20 05:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE" [2005-06-01 16:09]
"WinPop"="C:\Program Files\WinPop\winpop.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\jkkhhed.dll" [2007-06-20 05:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhhed]
jkkhhed.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihsService.exe]
"C:\Program Files\Sunbelt Software\iHateSpam\ihsService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


Contents of the 'Scheduled Tasks' folder
2007-06-15 23:25:43 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 01:28:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 1:30:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-21 01:30
C:\ComboFix2.txt ... 2007-06-19 18:17
C:\ComboFix3.txt ... 2007-06-18 01:53

--- E O F ---
HJT
Logfile of HijackThis v1.99.1
Scan saved at 1:31:44 AM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {153CCF78-FC01-4E22-A91B-FBBCBECC9795} - C:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm

Unread postby tim s » June 21st, 2007, 9:37 pm

Hi hdebo,

Thanks for Posting logs.


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O2 - BHO: (no name) - {153CCF78-FC01-4E22-A91B-FBBCBECC9795} - C:\WINDOWS\system32\ddabc.dll (file missing)
    O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
    O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.


--------------------------------------------

This is next:

Open notepad and copy/paste the text in the quotebox below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.

File::
C:\WINDOWS\system32\jkkhhed.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] 
"{153CCF78-FC01-4E22-A91B-FBBCBECC9795}"=-
"{445B35C9-CF66-4ADE-A407-B44D7C5C9648}"=-
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhhed]



Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.
Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


-------------------------------------------------

Ok try this:

Download and unzip hosts.zip from HERE to a folder (hosts).

When you get a chance please read more about what we are doing HERE.

Here's a Tutorial on how to install it, but it's installed like this:

Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink!

--------------------------------------------------

Please note that a large HOSTS file (over 135 kb) may slow down the machine. This only occurs in W2K and XP.

To fix this:
Go to Start > Run (type) services.msc > OK
Scroll down to DNS Client, Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.


Reboot when done and........

----------------------------------------------------------------

Post in next reply:
ComboFix-Do.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby hdebo » June 22nd, 2007, 4:22 am

OK, I ran the tests and here are the logs.
ComboFix 07-06-18.2 - C:\Documents and Settings\HDebo\Desktop\ComboFix.exe
"HDebo" - 2007-06-22 3:57:27 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HDebo\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkkhhed.dll


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-22 03:41 122,944 --a------ C:\WINDOWS\system32\mseuodbq.exe
2007-06-21 13:36 122,944 --a------ C:\WINDOWS\system32\iybijfrf.exe
2007-06-20 13:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-20 05:17 <DIR> d-------- C:\Program Files\WinPop
2007-06-17 19:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 19:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 19:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 19:34 2,066 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-14 21:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-14 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-06-14 17:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-14 13:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 23:28 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\TrojanHunter
2007-06-13 23:27 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-06-13 07:18 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-04 16:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-01 16:19 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\Uniblue
2007-06-01 00:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1.DES\NTUSER.DAT
2007-05-29 20:35 <DIR> d-------- C:\hidownload
2007-05-28 06:03 454 --a------ C:\WINDOWS\system32\close.vbs


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 07:43:07 -------- d-----w C:\Program Files\HJT
2007-06-20 14:27:17 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\DMCache
2007-06-20 09:14:23 -------- d-----w C:\Program Files\Online Services
2007-06-19 23:27:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-19 23:23:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-18 06:16:09 -------- d-----w C:\Program Files\BitComet
2007-06-14 00:51:18 -------- d-----w C:\Program Files\Easy Video Joiner
2007-05-30 00:15:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 23:57:26 -------- d-----w C:\Program Files\WinPcap
2007-05-10 23:00:55 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\Lavasoft
2007-05-10 23:00:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-10 23:00:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 11:38:55 -------- d-----w C:\Program Files\Internet Download Manager
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{106EFD46-1084-480F-BEB8-670420D874E5}=C:\WINDOWS\system32\mllmm.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{8A4CA141-0890-4639-AE45-B57CA9E070A7}=C:\WINDOWS\system32\vturp.dll []
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\jkkhhed.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE" [2005-06-01 16:09]
"WinPop"="C:\Program Files\WinPop\winpop.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihsService.exe]
"C:\Program Files\Sunbelt Software\iHateSpam\ihsService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


Contents of the 'Scheduled Tasks' folder
2007-06-15 23:25:43 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 04:02:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 4:03:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-22 04:03
C:\ComboFix2.txt ... 2007-06-21 01:30
C:\ComboFix3.txt ... 2007-06-19 18:17

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 4:20:22 AM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\iybijfrf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HJT\analyse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\iybijfrf.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm

Unread postby tim s » June 22nd, 2007, 8:26 am

Hi hdebo,

Were you able to install the Winhelp2002 hosts?

Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop
  • Disconnect from internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say OK
  • If no warning....Check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Once the scan is complete, click the Copy button
  • Open Notepad and hit Ctrl+V to paste the log and then save the log to your desktop

---------------------------------------------

Post in next reply:
Gmer log
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby tim s » June 22nd, 2007, 3:22 pm

Hi hdebo,

I missed two files in the Kaspersky scan that need to be removed. Please do the following.

Go to Start- Run – type in CMD and click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop DomainService

Then press Enter

Type:

SC Delete DomainService

Then press Enter.

Type:

exit

Then press Enter


-----------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.

File::
C:\Documents and Settings\HDebo\Local Settings\Temp\chdpad.exe
C:\WINDOWS\system32\iybijfrf.exe
C:\WINDOWS\system32\mseuodbq.exe

Folder::
C:\Documents and Settings\HDebo\Local Settings\Temporary Internet Files\Content.IE5\REFLPHNZ

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] 
"{106EFD46-1084-480F-BEB8-670420D874E5}"=-
"{8A4CA141-0890-4639-AE45-B57CA9E070A7}"=- 
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"=- 



Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.
Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


--------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Click Start, then select My Computer.
  3. Select Tools (in the menu at the top of the opened window) and click Folder Options.
  4. After the new window appears select the View tab.
  5. Put a checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.


--------------------------------------------------------------

Use Explorer to navigate to and clean out contents of Norton AntiVirus Quarantine folder:

Folder:

  • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine <<<< delete what's inside the folder.


------------------------------------------------------------

The Recycle Bin needs to be emptied. These show up in the Kaspersky scan log. Can be re-enabled when done cleaning.

Disabling the Norton Protected Recycle Bin should delete the items Norton has stored in the Recycler folder:
(Note* the NProtect folder is a Norton component; specifically, it's the folder where the Norton Protected Recycle Bin feature stores items you delete.)

1 . On the Windows desktop, right-click the Recycle Bin icon, and then click Properties.

2 . On the Global tab, click Use One Setting for All Drives.

3 . On the Recycle Bin tab, click Standard Recycle Bin.

4 . In the Title field, type the following text: Recycle Bin

5 . On the Norton Protection tab, select a drive, and then uncheck Enable Protection.

Repeat this step for each drive.

6. Select Also Empty Protected Files.

7 . Click OK, and then click OK again.

8 . Make sure Recycle bin has been emptied out.

9 . Restart the computer.
-----------------------------------------------------------------

Now Re-run Kaspersky Online Scanner

Notice!
A new version of Kaspersky Virus Scanner has been released on August 8, 2006. If you have installed a previous version, you must uninstall that program first before installing the new version. To uninstall, please go to the computer control panel and select "Add/Remove Programs." Close all Internet Explorer windows before uninstalling the Kaspersky Online Scanner.
Note* You must use Internet Explorer for the scan not Firefox if you have it.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As button:
    • Save the file to your desktop.
    • File Type: Text file (*.txt).
    • Name: Kav.txt for example
  • Copy and paste that information in your next post.
==========================


Post in next reply:
Kaspersky scan report <<< make sure the complete log gets posted; if too long, split it into separate reply posts
ComboFix-Do.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
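
Added example (not part of the thread, and not a HijackThis or ComboFix feature): the entries tim s picks out in the two posts above, the unnamed system32 BHOs, the Winlogon Notify DLL and the DomainService service, can be surfaced mechanically from a HijackThis log. The three triage rules and all function names below are assumptions chosen for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple

# Subset of lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {153CCF78-FC01-4E22-A91B-FBBCBECC9795} - C:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: (no name) - {445B35C9-CF66-4ADE-A407-B44D7C5C9648} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\jkkhhed.dll
O20 - Winlogon Notify: jkkhhed - C:\WINDOWS\SYSTEM32\jkkhhed.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\iybijfrf.exe
"""

MISSING = " (file missing)"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# The vendor field may be empty ("DomainService - - C:\..."), so the path is
# anchored on a drive letter or an %ENV% prefix instead of a fixed separator.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s(?P<path>(?:[A-Za-z]:\\|%).+)$")


class Finding(NamedTuple):
    section: str  # HijackThis section code (O2, O20, O23)
    path: str     # normalised (lower-cased) file path
    reason: str


def norm(path):
    """Strip the '(file missing)' marker and fold case; return (path, missing)."""
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    return path.strip().strip('"').lower(), missing


def in_system32_root(path):
    """True for a file placed directly in <drive>:\\windows\\system32."""
    return re.fullmatch(r"[a-z]:\\windows\\system32\\[^\\]+", path) is not None


def triage(log):
    """Return leads for an analyst to review; these are not verdicts."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    findings, bho_dlls = [], set()

    # Rule 1 (assumption): a BHO with no class name whose DLL sits directly
    # in system32. Unnamed BHOs elsewhere (e.g. Spybot's SDHelper) are skipped.
    for line in lines:
        m = BHO_RE.match(line)
        if not m:
            continue
        path, missing = norm(m["path"])
        if m["name"] == "(no name)" and in_system32_root(path):
            bho_dlls.add(path)
            why = "unnamed BHO loading from system32"
            if missing:
                why += "; file already gone, registry key is orphaned"
            findings.append(Finding("O2", path, why))

    for line in lines:
        # Rule 2 (assumption): a Winlogon Notify DLL that is also one of the
        # flagged BHOs, i.e. one file registered at two load points.
        m = NOTIFY_RE.match(line)
        if m:
            path, _ = norm(m["path"])
            if path in bho_dlls:
                findings.append(
                    Finding("O20", path, "same DLL is also registered as a BHO"))
            continue
        # Rule 3 (assumption): a service with a blank vendor field whose
        # binary sits directly in system32.
        m = SERVICE_RE.match(line)
        if m:
            path, _ = norm(m["path"])
            if not m["vendor"].strip() and in_system32_root(path):
                findings.append(
                    Finding("O23", path, "service binary with blank vendor in system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.path}  <- {f.reason}")
```
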

Unread postby hdebo » June 22nd, 2007, 9:37 pm

That host tool worked fine. I did the test you asked except the Kaspersky scan, as there is a problem with the web site. Is there another scanner online I can run? Here are the other logs requested.

Combofix
ComboFix 07-06-18.2 - C:\Documents and Settings\HDebo\Desktop\ComboFix.exe
"HDebo" - 2007-06-22 21:07:37 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HDebo\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\iybijfrf.exe
C:\WINDOWS\system32\mseuodbq.exe


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-20 13:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-20 05:17 <DIR> d-------- C:\Program Files\WinPop
2007-06-17 19:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 19:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 19:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 19:34 2,066 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-14 21:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-14 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-06-14 17:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-14 13:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 23:28 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\TrojanHunter
2007-06-13 23:27 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-06-13 07:18 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-04 16:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-01 16:19 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\Uniblue
2007-06-01 00:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1.DES\NTUSER.DAT
2007-05-29 20:35 <DIR> d-------- C:\hidownload
2007-05-28 06:03 454 --a------ C:\WINDOWS\system32\close.vbs


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 23:34:43 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\DMCache
2007-06-22 08:20:15 -------- d-----w C:\Program Files\HJT
2007-06-20 09:14:23 -------- d-----w C:\Program Files\Online Services
2007-06-19 23:27:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-19 23:23:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-18 06:16:09 -------- d-----w C:\Program Files\BitComet
2007-06-14 00:51:18 -------- d-----w C:\Program Files\Easy Video Joiner
2007-05-30 00:15:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 23:57:26 -------- d-----w C:\Program Files\WinPcap
2007-05-10 23:00:55 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\Lavasoft
2007-05-10 23:00:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-10 23:00:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE" [2005-06-01 16:09]
"WinPop"="C:\Program Files\WinPop\winpop.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihsService.exe]
"C:\Program Files\Sunbelt Software\iHateSpam\ihsService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

*Newly Created Service* - GMER

Contents of the 'Scheduled Tasks' folder
2007-06-22 23:28:20 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 21:08:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 21:08:59
C:\ComboFix-quarantined-files.txt ... 2007-06-22 21:08
C:\ComboFix2.txt ... 2007-06-22 04:03
C:\ComboFix3.txt ... 2007-06-21 01:30

--- E O F ---

Gmer
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-22 21:05:32
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 8663A110 ZwAlertResumeThread
SSDT 86618380 ZwAlertThread
SSDT 86465888 ZwAllocateVirtualMemory
SSDT 8663FD88 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 864455D0 ZwCreateMutant
SSDT 86465078 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 86496568 ZwFreeVirtualMemory
SSDT 8662CA78 ZwImpersonateAnonymousToken
SSDT 8662AAE8 ZwImpersonateThread
SSDT 86498E08 ZwMapViewOfSection
SSDT 8649D0A8 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 864960E0 ZwOpenProcessToken
SSDT 864814A0 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 864940D0 ZwResumeThread
SSDT 86482230 ZwSetContextThread
SSDT 862541C8 ZwSetInformationProcess
SSDT 86488168 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 8649B0B0 ZwSuspendProcess
SSDT 86602230 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 8661B078 ZwTerminateThread
SSDT 864995B8 ZwUnmapViewOfSection
SSDT 863DF4D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!ZwYieldExecution + AF 804E4F70 2 Bytes [ 10, A1 ]
.text ntoskrnl.exe!ZwYieldExecution + B2 804E4F73 5 Bytes [ 86, 80, 83, 61, 86 ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3277.SYS The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----


---- EOF - GMER 1.0.12 ----
HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:37:16 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\HJT\analyse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
hdebo
Regular Member
 
Posts: 26
Joined: June 13th, 2007, 8:12 pm

Unread postby tim s » June 22nd, 2007, 9:49 pm

Hi hdebo,

Good job, logs are looking better, and yes, there is another online scanner, but first do the following:

Need to re-run Vundo.exe


  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

----------------------------------------------------

Scan with F-Secure Online Scanner
  • Open this page in Internet Explorer:
    http://support.f-secure.com/enu/home/ols.shtml
  • Press Start scanning - this will open a new window
  • Allow the ActiveX control to install and run then Accept the license terms
  • Click Custom Scan, place a checkmark next to Scan inside archives, leave all other options at the defaults and press Start
  • The scanner will now download, then it will fully scan your computer for malware - this will take some time to complete
  • Press Automatic cleaning (recommended)
  • Once it has finished the cleaning process, click Show Report
  • Select File->Save As..., change Save as type: to Text File and save the report to your Desktop
  • Post a copy of the report in your next response


------------------------------------------------------

Please post in next reply:
C:\vundofix.txt
F-Secure Online Scan report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am