Author Topic: Guestolo help - HJT log (Read 651 times)

ummzee · « **on:** September 03, 2007, 10:20:04 PM »

Hello,

Please view my log and offer any help you can.

I am getting massive pop-ups.

I have run CCleaner, AVG Anit-spyware and Trojan Hunter several times and the popup occur even when I am not on the internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:03 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hosycasyn] C:\Program Files\Online Services\hosycasyn22011.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\uuuyewby.dll",forkonce
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rsoc] "C:\PROGRA~1\COMMON~1\YMBOLS~1\netdde.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xocqgqnj.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progyrtaq.html

--
End of file - 4613 bytes

guestolo · « **Reply #1 on:** September 03, 2007, 11:10:11 PM »

Your malware protections may interfere with any fixes we try
Can you do the following
Disable Trojan Hunter Guard:

* Go to TrojanHunter Guard in the lower right corner of your screen.
* Right click it and select settings. Uncheck "Load at startup" and "Enabled"

Disable AVG Anti-Spyware Guard
Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
In the Resident Shield section, toggle the AVG Anti-Spyware active protection off by clicking Change state which will then change the protection status to 'inactive'
If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
Reply No and set it to inactive for the duration of your cleanup.

Leave these protections disabled until after we have you clean please

Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

1. Post the log from Combofix, this log can also be found at C:\Combofix.txt
2. Post a fresh hijackthis log

ummzee · « **Reply #2 on:** September 04, 2007, 08:40:57 AM »

QUOTE (guestolo @ Sep 3 2007, 10:10 PM) <{POST_SNAPBACK}>

Your malware protections may interfere with any fixes we tryCan you do the followingDisable Trojan Hunter Guard: * Go to TrojanHunter Guard in the lower right corner of your screen. * Right click it and select settings. Uncheck "Load at startup" and "Enabled"Disable AVG Anti-Spyware Guard Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.In the Resident Shield section, toggle the AVG Anti-Spyware active protection off by clicking Change state which will then change the protection status to 'inactive'If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.Reply No and set it to inactive for the duration of your cleanup.Leave these protections disabled until after we have you clean pleaseDownload this file - Combofix.exe and save it ONLY to your desktopDouble click combofix.exe & follow the prompts.When finished, it shall produce a log for you.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall1. Post the log from Combofix, this log can also be found at C:\Combofix.txt2. Post a fresh hijackthis log

combofixComboFix 07-08-30.3 - "Administrator" 2007-09-04 7:28:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.251 [GMT -4:00] * Created a new restore point((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft\25319.datC:\DOCUME~1\ADMINI~1\APPLIC~1\winantispyware 2007C:\DOCUME~1\ADMINI~1\APPLIC~1\WinAntiVirus Pro 2007C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouchC:\DOCUME~1\ADMINI~1\Desktop\internet.lnkC:\DOCUME~1\ADMINI~1\Desktop\WinAntiSpyware 2007.lnkC:\DOCUME~1\ADMINI~1\err.logC:\DOCUME~1\ADMINI~1\MYDOCU~1\dobe~1C:\DOCUME~1\ADMINI~1\ResErrors.logC:\DOCUME~1\ADMINI~1\STARTM~1\Programs\OuterinfoC:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitorC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\AbbrC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ActivationCodeC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\CustomerEmailC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\CustomerNameC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\OIDC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\PCIDC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCodeC:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\SuspiciousC:\DOCUME~1\ALLUSE~1\APPLIC~1\winantispyware 2007C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007C:\Documents and Settings\All Users.\documents\settingsC:\Documents and Settings\All Users.\documents\settings\desktop.iniC:\Program Files\Common Files\Companion WizardC:\Program Files\Common Files\companion wizard\compwiz.exeC:\Program Files\Common Files\dobe~1C:\Program Files\Common Files\WinAntiSpyware 2007C:\Program Files\Common Files\winantispyware 2007\err.logC:\Program Files\Common Files\WinAntiVirus Pro 2007C:\Program Files\Common Files\winantivirus pro 2007\err.logC:\Program Files\Common Files\Yazzle1122OinUninstaller.exeC:\Program Files\Common Files\ymbols~1C:\Program Files\Common Files\ymbols~1\?ymbols\C:\Program Files\outerinfoC:\Program Files\outerinfo\OiUninstaller.exeC:\Program Files\outerinfo\outerinfo.icoC:\Program Files\outerinfo\Terms.rtfC:\Program Files\svhostC:\Program Files\WinAntiSpyware 2007C:\Program Files\winantispyware 2007\Activate.datC:\Program Files\winantispyware 2007\appupdate.datC:\Program Files\winantispyware 2007\AsAgents.dllC:\Program Files\winantispyware 2007\AsAgents.xmlC:\Program Files\winantispyware 2007\atl71.dllC:\Program Files\winantispyware 2007\AutoProcess.datC:\Program Files\winantispyware 2007\bnlink.datC:\Program Files\winantispyware 2007\database\enemies.datC:\Program Files\winantispyware 2007\database\knownfiles.datC:\Program Files\winantispyware 2007\database\TEBase.datC:\Program Files\winantispyware 2007\database\vbpv.datC:\Program Files\winantispyware 2007\dbupdate.datC:\Program Files\winantispyware 2007\fopnl.dllC:\Program Files\winantispyware 2007\InstUp.exeC:\Program Files\winantispyware 2007\lapv.datC:\Program Files\winantispyware 2007\license.rtfC:\Program Files\winantispyware 2007\manual.pdfC:\Program Files\winantispyware 2007\manual.urlC:\Program Files\winantispyware 2007\mfc71.dllC:\Program Files\winantispyware 2007\monstate.datC:\Program Files\winantispyware 2007\msvcp71.dllC:\Program Files\winantispyware 2007\msvcr71.dllC:\Program Files\winantispyware 2007\ps.datC:\Program Files\winantispyware 2007\pv.datC:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantineC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\#dataC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\#internalC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\#nameC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\9f9d255dbd884b7437606488\#dataC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\9f9d255dbd884b7437606488\#internalC:\Program Files\winantispyware 2007\quaratine.dat6459e613c60446476f67aa2\9f9d255dbd884b7437606488\#nameC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\#dataC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\#internalC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\#nameC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\fc101519635048c0b14448ac\#dataC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\fc101519635048c0b14448ac\#internalC:\Program Files\winantispyware 2007\quaratine.datdbd32202b374f4f133e93a7\fc101519635048c0b14448ac\#nameC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\#dataC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\#internalC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\#nameC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\3b1034ccb6544d071bc2d2bb\#dataC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\3b1034ccb6544d071bc2d2bb\#internalC:\Program Files\winantispyware 2007\quaratine.dateb0ef9f43b14ef378acdb8f\3b1034ccb6544d071bc2d2bb\#nameC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\#dataC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\#internalC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\#nameC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\b3b9554415a346f96231a38d\#dataC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\b3b9554415a346f96231a38d\#internalC:\Program Files\winantispyware 2007\quaratine.dat\127a3719e6564a1ec00f0490\b3b9554415a346f96231a38d\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\288f34d04eae454566926aab\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\288f34d04eae454566926aab\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\288f34d04eae454566926aab\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\30648b9e5a0347ac4e3c17b7\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\30648b9e5a0347ac4e3c17b7\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\30648b9e5a0347ac4e3c17b7\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\7b0f686abf5b4d2253e48ba5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\7b0f686abf5b4d2253e48ba5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\7b0f686abf5b4d2253e48ba5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\819ced44923e4c2b5ff33dbb\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\819ced44923e4c2b5ff33dbb\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\819ced44923e4c2b5ff33dbb\#nameC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\8ffd993805004a89fbaf3d99\#dataC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\8ffd993805004a89fbaf3d99\#internalC:\Program Files\winantispyware 2007\quaratine.dat\14bff0ba29574aebb76dabad\8ffd993805004a89fbaf3d99\#nameC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\#dataC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\#internalC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\#nameC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\6ebbcac9e2b94a1a196f38bd\#dataC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\6ebbcac9e2b94a1a196f38bd\#internalC:\Program Files\winantispyware 2007\quaratine.dat\2206d1b6d6644c7db686dcb0\6ebbcac9e2b94a1a196f38bd\#nameC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\#dataC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\#internalC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\#nameC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\3c5e1dec90944ab76b09db8f\#dataC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\3c5e1dec90944ab76b09db8f\#internalC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\3c5e1dec90944ab76b09db8f\#nameC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\#dataC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\#internalC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\#nameC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065abdcf3bd8d2524cbd0e698fb4\#dataC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065abdcf3bd8d2524cbd0e698fb4\#internalC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065abdcf3bd8d2524cbd0e698fb4\#nameC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\f4d82299b68e40ca15e59681\#dataC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\f4d82299b68e40ca15e59681\#internalC:\Program Files\winantispyware 2007\quaratine.dat\2f9b360818f54975708065ab\f4d82299b68e40ca15e59681\#nameC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\#dataC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\#internalC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\#nameC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\2e2766d604dc42ede062f2b8\#dataC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\2e2766d604dc42ede062f2b8\#internalC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\2e2766d604dc42ede062f2b8\#nameC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\ef76921692b3443f47c5d6a6\#dataC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\ef76921692b3443f47c5d6a6\#internalC:\Program Files\winantispyware 2007\quaratine.dat\38cf7a214b4f41a87fd6e4ad\ef76921692b3443f47c5d6a6\#nameC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\#dataC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\#internalC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\#nameC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\2a73189ad93c448497cc05af\#dataC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\2a73189ad93c448497cc05af\#internalC:\Program Files\winantispyware 2007\quaratine.dat\3b2ada9eec1342d0589f2d88\2a73189ad93c448497cc05af\#nameC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\#dataC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\#internalC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\#nameC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\edcd35e3ef95423d2980e992\#dataC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\edcd35e3ef95423d2980e992\#internalC:\Program Files\winantispyware 2007\quaratine.dat\3e6dde0dd0874ce0178f1596\edcd35e3ef95423d2980e992\#nameC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\13a08b7b45cf4b250beb6e99\#dataC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\13a08b7b45cf4b250beb6e99\#internalC:\Program Files\winantispyware 2007\quaratine.dat\40e687a0802b4856c0b80cb5\13a08b7b45cf4b250beb6e99\#nameC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\84f25c273f68471d24e22fb5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\84f25c273f68471d24e22fb5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\4168843158d74878cc86c8b5\84f25c273f68471d24e22fb5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\#dataC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\#internalC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\#nameC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\a133e0bc77e24743d3805fb9\#dataC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\a133e0bc77e24743d3805fb9\#internalC:\Program Files\winantispyware 2007\quaratine.dat\48c3739f7f814002ea2d4e8e\a133e0bc77e24743d3805fb9\#nameC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\#dataC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\#internalC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\#nameC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\e97cde0a312a41be6867f79a\#dataC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\e97cde0a312a41be6867f79a\#internalC:\Program Files\winantispyware 2007\quaratine.dat\525f9cd6dbf44fe264173cad\e97cde0a312a41be6867f79a\#nameC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\#dataC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\#internalC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\#nameC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\12a2693330d1462703d6639b\#dataC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\12a2693330d1462703d6639b\#internalC:\Program Files\winantispyware 2007\quaratine.dat\56bc559f9d2e4d7cb57bf99a\12a2693330d1462703d6639b\#nameC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\#dataC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\#internalC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\#nameC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\213f86987e394be25bf4af98\#dataC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\213f86987e394be25bf4af98\#internalC:\Program Files\winantispyware 2007\quaratine.dat\5ded61684e5341e3404f30a7\213f86987e394be25bf4af98\#nameC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\#dataC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\#internalC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\#nameC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\634d7f8d03094e669e298090\#dataC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\634d7f8d03094e669e298090\#internalC:\Program Files\winantispyware 2007\quaratine.dat\60b59150cc6240c3dfc1ab84\634d7f8d03094e669e298090\#nameC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\#dataC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\#internalC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\#nameC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\3830ce25482d446e13f32fa1\#dataC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\3830ce25482d446e13f32fa1\#internalC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\3830ce25482d446e13f32fa1\#nameC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\5d11586ad7b0432187afc283\#dataC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\5d11586ad7b0432187afc283\#internalC:\Program Files\winantispyware 2007\quaratine.dat\6bed3f9ed11b4b956985a9a3\5d11586ad7b0432187afc283\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\468f2ab2de674c811d836283\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\468f2ab2de674c811d836283\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\468f2ab2de674c811d836283\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\59bee5f6c3394d1a7a9b05b9\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\59bee5f6c3394d1a7a9b05b9\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\59bee5f6c3394d1a7a9b05b9\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\d121dba839794131193bde8b\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\d121dba839794131193bde8b\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8423251656c54d60bfdfc491\d121dba839794131193bde8b\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\4d58ce1e37a74083bfdc488c\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\4d58ce1e37a74083bfdc488c\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\4d58ce1e37a74083bfdc488c\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\e750853e730c443864b9d0a2\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\e750853e730c443864b9d0a2\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8566cf0edb7c4efb5524cd8e\e750853e730c443864b9d0a2\#nameC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\#dataC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\#internalC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\#nameC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\505a7d4543394cbc71332aac\#dataC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\505a7d4543394cbc71332aac\#internalC:\Program Files\winantispyware 2007\quaratine.dat\87665f0658a94c7e944bd2a3\505a7d4543394cbc71332aac\#nameC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\#dataC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\#internalC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\#nameC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\160477d29e0044d4e63be9b2\#dataC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\160477d29e0044d4e63be9b2\#internalC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\160477d29e0044d4e63be9b2\#nameC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\3f27505eef2e43158526c68b\#dataC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\3f27505eef2e43158526c68b\#internalC:\Program Files\winantispyware 2007\quaratine.dat\89bb9df06a9848ef18ea02ba\3f27505eef2e43158526c68b\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\162e7dc7917b41061e202083\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\162e7dc7917b41061e202083\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\162e7dc7917b41061e202083\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\aa208c714fd34ef491b46095\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\aa208c714fd34ef491b46095\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\aa208c714fd34ef491b46095\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\c8dafeb6df9d47845ba792bf\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\c8dafeb6df9d47845ba792bf\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\c8dafeb6df9d47845ba792bf\#nameC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#dataC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#internalC:\Program Files\winantispyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#nameC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\#dataC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\#internalC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\#nameC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\32c63eeb92a84ddb372bcfab\#dataC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\32c63eeb92a84ddb372bcfab\#internalC:\Program Files\winantispyware 2007\quaratine.dat\909e87e9532340e45a296390\32c63eeb92a84ddb372bcfab\#nameC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\#dataC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\#internalC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\#nameC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\28f4b73f67f44efe39a70d85\#dataC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\28f4b73f67f44efe39a70d85\#internalC:\Program Files\winantispyware 2007\quaratine.dat\92c6a26e2bbd4900ad589285\28f4b73f67f44efe39a70d85\#nameC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\#dataC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\#internalC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\#nameC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\ddfd43ae80f34ccb2d4c848e\#dataC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\ddfd43ae80f34ccb2d4c848e\#internalC:\Program Files\winantispyware 2007\quaratine.dat\ab0e68665aa0489eaf4098a5\ddfd43ae80f34ccb2d4c848e\#nameC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\#dataC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\#internalC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\#nameC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\659e449b8096497366a0fcaa\#dataC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\659e449b8096497366a0fcaa\#internalC:\Program Files\winantispyware 2007\quaratine.dat\aef0ce140e9842325e19689d\659e449b8096497366a0fcaa\#nameC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\#dataC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\#internalC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\#nameC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\183171ed04b94a071ec688a0\#dataC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\183171ed04b94a071ec688a0\#internalC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\183171ed04b94a071ec688a0\#nameC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\3e91c9517a854ad0e7e9f0a4\#dataC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\3e91c9517a854ad0e7e9f0a4\#internalC:\Program Files\winantispyware 2007\quaratine.dat\affcc10a4a2a47fe2ed3c68d\3e91c9517a854ad0e7e9f0a4\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\2edd93dd10bd4b53a0bc8385\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\2edd93dd10bd4b53a0bc8385\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b779aa566163433b0d0ac198\2edd93dd10bd4b53a0bc8385\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\f54131e760534353908ddbbd\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\f54131e760534353908ddbbd\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b8bf00188acf42e004bd3c98\f54131e760534353908ddbbd\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\#nameC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\11c113fcc53e4581c57b1583\#dataC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\11c113fcc53e4581c57b1583\#internalC:\Program Files\winantispyware 2007\quaratine.dat\b9a5ef1d3c624e7603c4fbb6\11c113fcc53e4581c57b1583\#nameC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\#dataC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\#internalC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\#nameC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#dataC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#internalC:\Program Files\winantispyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#nameC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\#dataC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\#internalC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\#nameC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\ec1d164d67e643ee0f1272a0\#dataC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\ec1d164d67e643ee0f1272a0\#internalC:\Program Files\winantispyware 2007\quaratine.dat\c6769604b0d44b37a0136280\ec1d164d67e643ee0f1272a0\#nameC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\#dataC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\#internalC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\#nameC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\5e8a1e8f5e974f87fab6a58a\#dataC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\5e8a1e8f5e974f87fab6a58a\#internalC:\Program Files\winantispyware 2007\quaratine.dat\cd309bc5839841913d4718b3\5e8a1e8f5e974f87fab6a58a\#nameC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\#dataC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\#internalC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\#nameC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\1e3fc517706b41182584aeb1\#dataC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\1e3fc517706b41182584aeb1\#internalC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\1e3fc517706b41182584aeb1\#nameC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\3e3e1f4a49d5496f65a20d8e\#dataC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\3e3e1f4a49d5496f65a20d8e\#internalC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\3e3e1f4a49d5496f65a20d8e\#nameC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\b38e61aa44f54772c1eea385\#dataC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\b38e61aa44f54772c1eea385\#internalC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\b38e61aa44f54772c1eea385\#nameC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\e39f0c616fd042904ee5aa95\#dataC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\e39f0c616fd042904ee5aa95\#internalC:\Program Files\winantispyware 2007\quaratine.dat\d526f0610ad745e34811fb8c\e39f0c616fd042904ee5aa95\#nameC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\#dataC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\#internalC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\#nameC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\3b245366a5644662bb97b59b\#dataC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\3b245366a5644662bb97b59b\#internalC:\Program Files\winantispyware 2007\quaratine.dat\dba2f206c9264ef3e823b6ad\3b245366a5644662bb97b59b\#nameC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\#dataC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\#internalC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\#nameC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\6b3d9267802a4b3138bb3b8d\#dataC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\6b3d9267802a4b3138bb3b8d\#internalC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\6b3d9267802a4b3138bb3b8d\#nameC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\c1b5726630fb489109b1478d\#dataC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\c1b5726630fb489109b1478d\#internalC:\Program Files\winantispyware 2007\quaratine.dat\dcc446db349044f3795a7d94\c1b5726630fb489109b1478d\#nameC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\#dataC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\#internalC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\#nameC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\3589e0c778c4415693c83591\#dataC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\3589e0c778c4415693c83591\#internalC:\Program Files\winantispyware 2007\quaratine.dat\e04a219107f74d57295a7e9f\3589e0c778c4415693c83591\#nameC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\#dataC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\#internalC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\#nameC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\9b4e52813f88477464168a8e\#dataC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\9b4e52813f88477464168a8e\#internalC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\9b4e52813f88477464168a8e\#nameC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\c74d037c22e242c26b2a238a\#dataC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\c74d037c22e242c26b2a238a\#internalC:\Program Files\winantispyware 2007\quaratine.dat\e3ab96e53bbc4f91ba214580\c74d037c22e242c26b2a238a\#nameC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\#dataC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\#internalC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\#nameC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\fa9b0209b6ba4ceff894edbb\#dataC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\fa9b0209b6ba4ceff894edbb\#internalC:\Program Files\winantispyware 2007\quaratine.dat\edb806fa0915471d538f319f\fa9b0209b6ba4ceff894edbb\#nameC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\#dataC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\#internalC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\#nameC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\cf74798e6c4749350a292f98\#dataC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\cf74798e6c4749350a292f98\#internalC:\Program Files\winantispyware 2007\quaratine.dat\ede25b3a5a4b49da0ca5f5a7\cf74798e6c4749350a292f98\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\266629e407d74dd7a878aead\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\266629e407d74dd7a878aead\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f0de268f741a477dd0b37699\266629e407d74dd7a878aead\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\efeae3a461bd4561e4f469b8\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\efeae3a461bd4561e4f469b8\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f20a8a8d02b24d19139499ac\efeae3a461bd4561e4f469b8\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#nameC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#dataC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#internalC:\Program Files\winantispyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#nameC:\Program Files\winantispyware 2007\readme.rtfC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d6994906803c4dc9437973be\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d6994906803c4dc9437973be\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d6994906803c4dc9437973be\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\5c446b13717d4d9231edcfb3\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\5c446b13717d4d9231edcfb3\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\5c446b13717d4d9231edcfb3\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\f20c5ccf5b834d249200909a\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\f20c5ccf5b834d249200909a\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\39febafd790b4730df8f599d\f20c5ccf5b834d249200909a\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf4a18115814a4a6119e30a99\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf4a18115814a4a6119e30a99\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf4a18115814a4a6119e30a99\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\8ac7479dbcb5400f544a3c96\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\8ac7479dbcb5400f544a3c96\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\8ac7479dbcb5400f544a3c96\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\faeadef365af4903775ccabe\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\faeadef365af4903775ccabe\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\6124aef993a449677b9152bf\faeadef365af4903775ccabe\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985564fc8587af4ffc60b5a198\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985564fc8587af4ffc60b5a198\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985564fc8587af4ffc60b5a198\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985564fc8587af4ffc60b5a198\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba9856edba9c1a2549c59c364fa4\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba9856edba9c1a2549c59c364fa4\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba9856edba9c1a2549c59c364fa4\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba9856edba9c1a2549c59c364fa4\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985706cc06c9d947e0607282b7\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985706cc06c9d947e0607282b7\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985706cc06c9d947e0607282b7\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985e5664119a7143bf5f11be83\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985e5664119a7143bf5f11be83\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985e5664119a7143bf5f11be83\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\15b8a69d17b645f9d6bfba96\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\15b8a69d17b645f9d6bfba96\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\15b8a69d17b645f9d6bfba96\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1692854942d34dc79b63598e\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1692854942d34dc79b63598e\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1692854942d34dc79b63598e\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1885fd8509714f7d0e35bea7\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1885fd8509714f7d0e35bea7\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1885fd8509714f7d0e35bea7\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\18863d6236e24a22470013ae\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\18863d6236e24a22470013ae\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\18863d6236e24a22470013ae\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1c68fded549a41bd02847a8a\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1c68fded549a41bd02847a8a\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1c68fded549a41bd02847a8a\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1c68fded549a41bd02847a8a\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1e67857c47d14f66f5326bb0\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1e67857c47d14f66f5326bb0\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\1e67857c47d14f66f5326bb0\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\22e330178db0423fe09de096\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\22e330178db0423fe09de096\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\22e330178db0423fe09de096\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\27f4e75b61fe4da5a8cb7094\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\27f4e75b61fe4da5a8cb7094\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\27f4e75b61fe4da5a8cb7094\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\29ae6601b03f45596a1b2f81\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\29ae6601b03f45596a1b2f81\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\29ae6601b03f45596a1b2f81\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\29ae6601b03f45596a1b2f81\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\2ff4d593739f45b8902b31bb\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\2ff4d593739f45b8902b31bb\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\2ff4d593739f45b8902b31bb\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\2ff4d593739f45b8902b31bb\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\304c2aaa26bf4839b09d0b92\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\304c2aaa26bf4839b09d0b92\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\304c2aaa26bf4839b09d0b92\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\30fd866a85bb483c6b9eeaa1\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\30fd866a85bb483c6b9eeaa1\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\30fd866a85bb483c6b9eeaa1\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\37930d1ed3bf41259413caa4\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\37930d1ed3bf41259413caa4\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\37930d1ed3bf41259413caa4\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\4171218f291b4262f4c5e784\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\4171218f291b4262f4c5e784\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\4171218f291b4262f4c5e784\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\4171218f291b4262f4c5e784\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\487e697f54ef4b5ff46192bf\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\487e697f54ef4b5ff46192bf\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\487e697f54ef4b5ff46192bf\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\487e697f54ef4b5ff46192bf\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\50521d6402954d696c02a28f\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\50521d6402954d696c02a28f\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\50521d6402954d696c02a28f\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\50521d6402954d696c02a28f\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\512ed29513524eea92e8bcac\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\512ed29513524eea92e8bcac\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\512ed29513524eea92e8bcac\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\512ed29513524eea92e8bcac\AdministratorC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\567a5b4c0a3a4892581755a6\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\567a5b4c0a3a4892581755a6\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\567a5b4c0a3a4892581755a6\#nameC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\576aa5d0eace40a596eaf99d\#dataC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\576aa5d0eace40a596eaf99d\#internalC:\Program Files\winantispyware 2007\RTMonitor.dat\4044d739f64e46eb4175a58b\8d2a24ccea7a4186a54ba985\576aa5d0ea

guestolo · « **Reply #3 on:** September 04, 2007, 11:03:38 AM »

Combofix took care of quite a bit, but we're not quite done yet

Can you do the following
1... Access your add/remove programs and remove Spywarebot
if found, DO NOT confuse this with Spybot if installed

2...Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

3... Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote

File::
C:\WINDOWS\System32\sstqp.dll
C:\Program Files\Online Services\hosycasyn22011.exe
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Rtte57.sys
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak1

Folder::
C:\Program Files\SpywareBot
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AB2A8C3-7367-4047-F89E-1F051F4912AC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A645AD3-77E0-4868-B8F6-3EFDDD16DB2F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFB3A151-12CE-6E63-E855-39761F1C50C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hosycasyn"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rsoc"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyaxw]

DirLook::
C:\WINDOWS\system32\IBD4
C:\WINDOWS\system32\drvfig32
C:\WINDOWS\YWE
C:\Temp

Save this as txtfile
CFScript

Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt..
I will need to see this log again later

4... Can you temporarily disable Avast's protection so it won't interfere with the next scanner
Right click the Avast icon by the clock
Expand "Pause Provider"
Select "Standard Shield"

5...Using browser Internet Explorer
Run an online virus scan at [color=\"#2E8B57\"]Kaspersky's[/color]
At the link click the button Kaspersky Online Scanner
Accept the prompt at the Welcome screen
You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now under select a target to scan:

Select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

***Now click on the Save as Text button:

Save the file to your desktop. I will need to see it later

This scan won't take near as long as Kaspersky's
6...Download and save too your desktop
[color=\"#FF0000\"]fsbl.exe[/color]
(F-Secure Blacklight)

Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

7... After Kaspersky's scan and Blacklight are finished
Right click the Avast icon by the clock
Expand "Resume Provider"
Select "Standard Shield"

Post back all the following please, even if it takes more than one reply to do so

1. Post the log from Blacklight
2. Post the log from Combofix>>C:\Combofix.txt
3. Post the report from Kaspersky's
4. Post a fresh hijackthis log

ummzee · « **Reply #4 on:** September 04, 2007, 02:39:06 PM »

[quote name=\'guestolo\' post=\'384926\' date=\'Sep 4 2007, 10:03 AM\']Combofix took care of quite a bit, but we're not quite done yet

Can you do the following
1... Access your add/remove programs and remove Spywarebot
if found, DO NOT confuse this with Spybot if installed

2...Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

3... Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work
Save this as txtfile
CFScript

Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt..
I will need to see this log again later

4... Can you temporarily disable Avast's protection so it won't interfere with the next scanner
Right click the Avast icon by the clock
Expand "Pause Provider"
Select "Standard Shield"

5...Using browser Internet Explorer
Run an online virus scan at [color=\"#2E8B57\"]Kaspersky's[/color]
At the link click the button Kaspersky Online Scanner
Accept the prompt at the Welcome screen
You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now under select a target to scan:

Select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

***Now click on the Save as Text button:

Save the file to your desktop. I will need to see it later

This scan won't take near as long as Kaspersky's
6...Download and save too your desktop
[color=\"#FF0000\"]fsbl.exe[/color]
(F-Secure Blacklight)

Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

7... After Kaspersky's scan and Blacklight are finished
Right click the Avast icon by the clock
Expand "Resume Provider"
Select "Standard Shield"

Post back all the following please, even if it takes more than one reply to do so

1. Post the log from Blacklight
2. Post the log from Combofix>>C:\Combofix.txt
3. Post the report from Kaspersky's
4. Post a fresh hijackthis log[/quote]

Hello,

I got as far as the virus scan at Kaspersky's however, there is a file that is needed by the program (I attached a screen shot of the request (word document)). The needed file is: "002E08D9.key"

How do you want me to proceed?

Fatima

guestolo · « **Reply #5 on:** September 04, 2007, 02:51:08 PM »

Just carry on with the remaining instructions, we'll try an alternative later if you can't get Kaspersky to load
Post back all other logs

ummzee · « **Reply #6 on:** September 04, 2007, 03:12:01 PM »

[quote name=\'guestolo\' post=\'385006\' date=\'Sep 4 2007, 01:51 PM\']Just carry on with the remaining instructions, we'll try an alternative later if you can't get Kaspersky to load
Post back all other logs[/quote]

ummzee · « **Reply #7 on:** September 04, 2007, 03:17:22 PM »

there were no hidden files found by fsbl

ComboFix 07-08-30.3 - "Administrator" 2007-09-04 15:10:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.309 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\System32\sstqp.dll
C:\Program Files\Online Services\hosycasyn22011.exe
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Rtte57.sys
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak1

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 27 - 07_10_14 PM_031.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 27 - 07_10_16 PM_562.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 27 - 07_13_15 PM_421.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 01_05_25 AM_578.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 01_05_45 AM_031.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 05_27_12 PM_812.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 12_36_31 AM_750.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 12_37_18 AM_968.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Log\2007 Aug 28 - 12_40_30 AM_875.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\rs.dat
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\ScanResults.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot
C:\Program Files\SpywareBot\Log\2007 Aug 27 - 07_10_23 PM.log
C:\Program Files\SpywareBot\Log\2007 Aug 28 - 01_05_47 AM.log
C:\Program Files\SpywareBot\Log\2007 Aug 28 - 12_37_24 AM.log
C:\WINDOWS\system32\drivers\Rtte57.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))

2007-09-04 07:26   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-09-03 23:05   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-03 21:26   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-09-03 21:26   94,416   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-03 21:26   92,848   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-03 21:26   783,224   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-09-03 21:26   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-03 21:26   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 21:26   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-03 21:25   <DIR>   d--------   C:\Program Files\Alwil Software
2007-09-02 08:50   23,040   -----c---   C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-02 08:50   16,896   -----c---   C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-02 08:50   128,896   -----c---   C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-01 10:56   <DIR>   d--------   C:\WINDOWS\provisioning
2007-09-01 10:56   <DIR>   d--------   C:\WINDOWS\peernet
2007-09-01 10:53   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2007-09-01 10:45   <DIR>   d--------   C:\WINDOWS\EHome
2007-08-31 18:24   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\TrojanHunter
2007-08-31 18:09   <DIR>   d--------   C:\Program Files\TrojanHunter 4.7
2007-08-31 17:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-31 16:58   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-08-31 16:31   4,569   --a------   C:\WINDOWS\system32\secupd.dat
2007-08-31 16:31   11,776   --a------   C:\WINDOWS\system32\spnpinst.exe
2007-08-31 15:48   6,550   --a------   C:\WINDOWS\jautoexp.dat
2007-08-31 15:48   46,352   --a------   C:\WINDOWS\setdebug.exe
2007-08-31 15:48   113   --a------   C:\WINDOWS\system32\zonedon.reg
2007-08-31 15:48   113   --a------   C:\WINDOWS\system32\zonedoff.reg
2007-08-31 15:42   <DIR>   d--------   C:\WINDOWS\LastGood(2)
2007-08-31 15:21   614,912   --a------   C:\WINDOWS\system32\h323msp.dll
2007-08-31 15:21   40,960   ---------   C:\WINDOWS\system32\mf3216.dll
2007-08-31 15:21   331,264   --a------   C:\WINDOWS\system32\ipnathlp.dll
2007-08-31 15:21   26,112   --a------   C:\WINDOWS\system32\xpsp1hfm.exe
2007-08-29 21:11   <DIR>   d--hs----   C:\WINDOWS\YWE
2007-08-29 21:11   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-28 17:50   8,704   --a------   C:\WINDOWS\system32\SpOrder.dll
2007-08-28 17:50   24,064   --a------   C:\WINDOWS\system32\msxml3a.dll
2007-08-28 00:12   89,088   --a------   C:\WINDOWS\system32\atl71.dll
2007-08-28 00:12   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2007-08-28 00:12   1,060,864   --a------   C:\WINDOWS\system32\mfc71.dll
2007-08-28 00:10   <DIR>   d--------   C:\WINDOWS\system32\IBD4
2007-08-28 00:10   <DIR>   d--------   C:\WINDOWS\system32\drvfig32
2007-08-28 00:10   <DIR>   d--------   C:\Temp
2007-08-27 20:28   <DIR>   d--------   C:\Program Files\Common Files\SupportSoft
2007-08-27 19:16   1,082,368   --a------   C:\WINDOWS\system32\esent.dll
2007-08-27 19:05   <DIR>   d--------   C:\WINDOWS\system32\bits
2007-08-27 19:04   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-08-27 08:24   <DIR>   d---s----   C:\DOCUME~1\ADMINI~1\UserData
2007-08-26 21:19   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-08-26 21:14   <DIR>   d--------   C:\Program Files\Google
2007-08-26 21:14   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-26 20:37   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2007-08-26 20:37   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2007-08-26 20:37   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2007-08-26 20:37   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-06-26 02:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31   282112   --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23   1033216   --a------   C:\WINDOWS\explorer.exe
2003-08-12 20:24   8   --a------   C:\DOCUME~1\ADMINI~1\APPLIC~1\usb.dat.bin

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

---- Directory of C:\WINDOWS\system32\IBD4 ----

2007-08-08 03:30   116351   --a------   C:\WINDOWS\system32\IBD4\rru22011.exe

---- Directory of C:\WINDOWS\system32\drvfig32 ----

2007-08-21 17:52   9814   --a------   C:\WINDOWS\system32\drvfig32\r3w2821.exe

---- Directory of C:\WINDOWS\YWE ----

---- Directory of C:\Temp ----

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19]
"!AVG Anti-Spyware"="C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-06-20 22:36]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\Program Files\WindowsUpdate\progyrtaq.html
FriendlyName=

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 15:11:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [200] 0x82A3CB38

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 15:13:02
C:\ComboFix-quarantined-files.txt ... 2007-09-04 15:12
C:\ComboFix2.txt ... 2007-09-04 07:45

   --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:34 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: 0 - {0AB2A8C3-7367-4047-F89E-1F051F4912AC} - C:\Program Files\WindowsUpdate\lawugew476.dll (file missing)
O2 - BHO: (no name) - {2A645AD3-77E0-4868-B8F6-3EFDDD16DB2F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BFB3A151-12CE-6E63-E855-39761F1C50C2} - C:\WINDOWS\system32\vbnmkvg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hosycasyn] C:\Program Files\Online Services\hosycasyn22011.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Rsoc] "C:\PROGRA~1\COMMON~1\YMBOLS~1\netdde.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - Winlogon Notify: sstqp - C:\WINDOWS\System32\sstqp.dll (file missing)
O20 - Winlogon Notify: xxyyaxw - xxyyaxw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progyrtaq.html

--
End of file - 4729 bytes

09/04/07 15:44:53 [Info]: BlackLight Engine 1.0.64 initialized
09/04/07 15:44:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/04/07 15:44:54 [Note]: 7019 4
09/04/07 15:44:54 [Note]: 7005 0
09/04/07 15:44:58 [Note]: 7006 0
09/04/07 15:44:59 [Note]: 7011 384
09/04/07 15:44:59 [Note]: 7026 0
09/04/07 15:44:59 [Note]: 7026 0
09/04/07 15:45:03 [Note]: FSRAW library version 1.7.1022
09/04/07 15:55:17 [Note]: 7006 0
09/04/07 15:55:18 [Note]: 7011 384
09/04/07 15:55:18 [Note]: 7026 0
09/04/07 15:55:18 [Note]: 7026 0
09/04/07 15:55:22 [Note]: FSRAW library version 1.7.1022
09/04/07 16:10:11 [Note]: 7007 0

guestolo · « **Reply #8 on:** September 04, 2007, 03:23:23 PM »

You posted an old Hijackthis log
Can you post a fresh one please

ummzee · « **Reply #9 on:** September 04, 2007, 03:27:07 PM »

[quote name=\'guestolo\' post=\'385030\' date=\'Sep 4 2007, 02:23 PM\']You posted an old Hijackthis log
Can you post a fresh one please[/quote]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:30 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progyrtaq.html

--
End of file - 4177 bytes

I am sorry about that, I also edited the previous message by adding the fsbl results, I had not seen the file before.

Thank you for all you help.

guestolo · « **Reply #10 on:** September 04, 2007, 03:40:22 PM »

I'll be busy for a bit, drywalling the spareroom, so I have to finish some sanding, get it ready to prime

In the meantime, can you do the following please
Do a "System scan only" with Hijackthis and put a check next to this entry

O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progyrtaq.html

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download [color=\"blue\"]OTMoveIt[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================

C:\WINDOWS\system32\IBD4
C:\WINDOWS\system32\drvfig32
C:\WINDOWS\YWE
C:\Temp

======================================================
Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt.

[color=\"red\"]Note[/color]: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
If you are not required to reboot, can you manually reboot anyways please

OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
I'll need to see it later

Again, temporarily disable Avast's Standard Shield
Using IE to run this scan
Go to this link
http://www.bitdefender.com/
Once there select "Scan now" under Scan online on the left hand side
Agree to the agreement and follow the prompts to load

After the scan post back the results back here

along with the log from OTMoveit and another fresh hijackthis log
Let me know how things are running

ummzee · « **Reply #11 on:** September 04, 2007, 05:26:33 PM »

[quote name=\'guestolo\' post=\'385041\' date=\'Sep 4 2007, 02:40 PM\']I'll be busy for a bit, drywalling the spareroom, so I have to finish some sanding, get it ready to prime

In the meantime, can you do the following please
Do a "System scan only" with Hijackthis and put a check next to this entry

O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progyrtaq.html

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download [color=\"blue\"]OTMoveIt[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================

C:\WINDOWS\system32\IBD4
C:\WINDOWS\system32\drvfig32
C:\WINDOWS\YWE
C:\Temp

======================================================
Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt.

[color=\"red\"]Note[/color]: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
If you are not required to reboot, can you manually reboot anyways please

OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
I'll need to see it later

Again, temporarily disable Avast's Standard Shield
Using IE to run this scan
Go to this link
http://www.bitdefender.com/
Once there select "Scan now" under Scan online on the left hand side
Agree to the agreement and follow the prompts to load

After the scan post back the results back here

along with the log from OTMoveit and another fresh hijackthis log
Let me know how things are running[/quote]

Everything is great and working fine, no pop-ups

BitDefender Online Scanner

Scan report generated at: Tue, Sep 04, 2007 - 17:56:06

Scan path: A:\;C:\

:\;

Statistics

Time
00:34:45

Files
90005

Folders
3057

Boot Sectors
2

Archives
751

Packed Files
3343

Results

Identified Viruses
25

Infected Files
87

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
93

Engines Info

Virus Definitions
775856

Engine build
AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Program Files\TrojanHunter 4.7\Quarantine\26l.dat
Infected with: Trojan.Fotomoto.E

C:\Program Files\TrojanHunter 4.7\Quarantine\26l.dat
Disinfection failed

C:\Program Files\TrojanHunter 4.7\Quarantine\26l.dat
Deleted

C:\Program Files\TrojanHunter 4.7\Quarantine\410xHC.dat
Infected with: Trojan.Downloader.Winfixer.T

C:\Program Files\TrojanHunter 4.7\Quarantine\410xHC.dat
Disinfection failed

C:\Program Files\TrojanHunter 4.7\Quarantine\410xHC.dat
Deleted

C:\Program Files\TrojanHunter 4.7\Quarantine\hJt3al.dat
Detected with: Application.Winfixer.EG

C:\Program Files\TrojanHunter 4.7\Quarantine\hJt3al.dat
Disinfection failed

C:\Program Files\TrojanHunter 4.7\Quarantine\hJt3al.dat
Deleted

C:\Program Files\TrojanHunter 4.7\Quarantine\Jz3Mu.dat
Detected with: Adware.TTC.B

C:\Program Files\TrojanHunter 4.7\Quarantine\Jz3Mu.dat
Disinfection failed

C:\Program Files\TrojanHunter 4.7\Quarantine\Jz3Mu.dat
Deleted

C:\Program Files\TrojanHunter 4.7\Quarantine\zXesbw.dat
Infected with: Trojan.Vundo.DMV

C:\Program Files\TrojanHunter 4.7\Quarantine\zXesbw.dat
Disinfection failed

C:\Program Files\TrojanHunter 4.7\Quarantine\zXesbw.dat
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\AsAgents.dll.vir
Detected with: Application.Winfixer.DK

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\AsAgents.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\AsAgents.dll.vir
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\fopnl.dll.vir
Detected with: Application.Winfixer.EB

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\fopnl.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\fopnl.dll.vir
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 0)
Infected with: Trojan.Fakealert.BX

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 0)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 0)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)
Update failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Downloader.Winfixer.T

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 1)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)=>(Instyler Module 1)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir=>(Instyler o)
Update failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#data.vir=>(Quarantine-PE)
Infected with: Trojan.VB.Agent.K

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\28f6c107b57b459912009692\a70c21b6df0644f4d6aaf0a5\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#data.vir=>(Quarantine-PE)
Infected with: Trojan.Proxy.493

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\8f760c6ffc1c447b687ee781\f90641db5d4b4012ef956997\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#data.vir=>(Quarantine-PE)
Infected with: Trojan.Vundo.DMV

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\b94938d9a5b54daef14d82b9\84f798977798414f37e6ecad\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#data.vir=>(Quarantine-PE)
Infected with: DeepScan:Generic.Virtumonde.1.16A22705

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\bc810fd532654c35dd327ead\771bdc1bc9434127ecaacc91\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#data.vir=>(Quarantine-PE)
Infected with: Trojan.Spy.Agent.NHK

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa499e1e2ec3134eb99ce3e88f\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#data.vir=>(Quarantine-PE)
Infected with: Trojan.Spy.Agent.NHK

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#data.vir=>(Quarantine-PE)
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\quaratine.dat\f378d3fb27b34650e1174aa4\2851bdf800bb4754909456a6\#data.vir=>(Quarantine-PE)
Deleted

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\was7.exe.vir
Detected with: Application.Winfixer.DY

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\was7.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\was7.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\cifrsmsw.exe.vir
Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\cifrsmsw.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\cifrsmsw.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\cplpekvh.exe.vir
Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\cplpekvh.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\cplpekvh.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Rtte57.sys.vir
Infected with: Trojan.Srizbi.G

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Rtte57.sys.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Rtte57.sys.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
Infected with: Trojan.Srizbi.G

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gcttigdl.exe.vir
Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\gcttigdl.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\gcttigdl.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\giydfenf.exe.vir
Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\giydfenf.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\giydfenf.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gnqsps.dll.vir
Infected with: Trojan.Spambot.BXB

C:\qoobox\Quarantine\C\WINDOWS\system32\gnqsps.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\gnqsps.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\KB24182794.exe.vir
Infected with: Trojan.Srizbi.G

C:\qoobox\Quarantine\C\WINDOWS\system32\KB24182794.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\KB24182794.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\KB48559630.exe.vir
Infected with: Trojan.Srizbi.G

C:\qoobox\Quarantine\C\WINDOWS\system32\KB48559630.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\KB48559630.exe.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qvjpkkmp.dll.vir
Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\qvjpkkmp.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uuuyewby.dll.vir
Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\uuuyewby.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vturs.dll.vir
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\qoobox\Quarantine\C\WINDOWS\system32\vturs.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\vturs.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\xsfofkwf.exe.vir
Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\xsfofkwf.exe.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xsfofkwf.exe.vir
Deleted

C:\qoobox\Quarantine\catchme2007-09-04_ 74302.60.zip=>mllmk.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\qoobox\Quarantine\catchme2007-09-04_ 74302.60.zip=>mllmk.dll
Disinfection failed

C:\qoobox\Quarantine\catchme2007-09-04_ 74302.60.zip=>mllmk.dll
Deleted

C:\qoobox\Quarantine\catchme2007-09-04_ 74302.60.zip
Updated

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011769.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011769.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011769.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011887.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011887.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0011887.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012143.exe
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012143.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012143.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012145.dll
Detected with: Application.Winfixer.EG

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012145.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012145.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012146.exe
Infected with: MemScan:Trojan.Downloader.Tibs.GXL

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012146.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012146.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012149.dll
Infected with: Trojan.Vundo.DMV

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012149.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP139\A0012149.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP189\A0016959.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP189\A0016959.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0000
Infected with: Trojan.Clicker.Small.YD

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0000
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0000
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.Small.YD

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Clicker.Small.AV

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)=>zlib_nsis0003
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017983.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017993.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0017993.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018005.exe
Detected with: Adware.TTC.B

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018005.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018005.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018008.exe
Infected with: Trojan.Proxy.Xorpix.BH

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018008.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018008.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018009.exe
Infected with: Trojan.Proxy.Xorpix.BH

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018009.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018009.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018010.dll
Infected with: Trojan.Vundo.DMV

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018010.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP191\A0018010.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP192\A0018055.dll
Infected with: Trojan.Vundo.DMX

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP192\A0018055.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP192\A0018055.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018101.exe
Infected with: Trojan.Srizbi.G

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018101.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018101.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018102.exe
Infected with: Trojan.Srizbi.G

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018102.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018102.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018104.exe
Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018104.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018104.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018105.exe
Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018105.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018105.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018106.exe
Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018106.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018106.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018107.exe
Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018107.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018107.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018108.exe
Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018108.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018108.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018109.dll
Infected with: Trojan.Spambot.BXB

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018109.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018109.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018110.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018110.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018110.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018112.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018112.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018114.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018114.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018121.dll
Detected with: Application.Winfixer.DK

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018121.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018121.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018123.dll
Detected with: Application.Winfixer.EB

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018123.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018123.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 0)
Infected with: Trojan.Fakealert.BX

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 0)
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 0)
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 1)
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)=>(Instyler Module 1)
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018124.exe=>(Instyler o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018134.exe
Detected with: Application.Winfixer.DY

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018134.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018134.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018148.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018148.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP193\A0018148.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018270.sys
Infected with: Trojan.Srizbi.G

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018270.sys
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018270.sys
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018271.sys
Infected with: Trojan.Srizbi.G

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018271.sys
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP194\A0018271.sys
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002446.dll
Detected with: Application.Winfixer.DK

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002446.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002446.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 0)
Infected with: Trojan.Fakealert.BX

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 0)
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 0)
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 1)
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)=>(Instyler Module 1)
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002447.exe=>(Instyler o)
Update failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002448.dll
Detected with: Application.Winfixer.EB

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002448.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002448.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002449.exe
Detected with: Application.Winfixer.DY

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002449.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002449.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002455.dll
Detected with: Application.Winfixer.EG

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002455.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0002455.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006471.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006471.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006474.exe
Infected with: Trojan.Popwin.DE

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006474.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006474.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006477.dll
Detected with: Application.Winfixer.EG

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006477.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP66\A0006477.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP69\snapshot\MFEX-1.DAT
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP69\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP69\snapshot\MFEX-1.DAT
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP70\snapshot\MFEX-1.DAT
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP70\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP70\snapshot\MFEX-1.DAT
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP71\snapshot\MFEX-1.DAT
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP71\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP71\snapshot\MFEX-1.DAT
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP72\snapshot\MFEX-1.DAT
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP72\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP72\snapshot\MFEX-1.DAT
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008476.dll
Infected with: DeepScan:Generic.Virtumonde.1.16A22705

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008476.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008476.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008480.exe
Infected with: Trojan.VB.Agent.K

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008480.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008480.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008481.exe
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008481.exe
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008481.exe
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008491.dll
Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008491.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008492.dll
Infected with: DeepScan:Generic.Virtumonde.1.D3832B16

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008492.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008492.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008493.dll
Infected with: Trojan.Vundo.DMV

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008493.dll
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\A0008493.dll
Deleted

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\snapshot\MFEX-1.DAT
Infected with: Trojan.Downloader.Winfixer.T

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{536A84B1-23FF-427D-877C-E7F33498F4D6}\RP73\snapshot\MFEX-1.DAT
Deleted

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drvfig32\r3w2821.exe
Infected with: Trojan.Downloader.Small.AAEU

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drvfig32\r3w2821.exe
Disinfection failed

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drvfig32\r3w2821.exe
Deleted

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\IBD4\rru22011.exe
Infected with: Trojan.Agent.ABLK

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\IBD4\rru22011.exe
Disinfection failed

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\IBD4\rru22011.exe
Deleted

C:\WINDOWS\system32\IBD4 moved successfully.
C:\WINDOWS\system32\drvfig32 moved successfully.
C:\WINDOWS\YWE moved successfully.
C:\Temp moved successfully.

Created on 09/04/2007 16:54:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:27 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Administrator\Desktop\AntiVirus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6414 bytes

guestolo · « **Reply #12 on:** September 04, 2007, 06:13:29 PM »

Good work, looks good
The infected files that BitDefender couldn't remove are not going to do no harm for now
Can you post one last log and I'll give you final cleanup steps

supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

TheTechGuide Forum

News:

Author Topic: Guestolo help - HJT log (Read 651 times)

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log

ummzee

Guestolo help - HJT log

guestolo

Guestolo help - HJT log