
My hijackThis log

Discussion in 'Malware and Virus Removal Archive' started by calilsv, 2007/09/19.

  1. 2007/09/19
    calilsv

    Decided to finally join the forum, after lurking for a long time.
    I'm trying to help a friend fix his computer, which was running really slow and always trying to connect to the internet. I used Spybot and AVG Free to fix most problems, although it still tries to connect to the internet, and I can't see what is doing it. Here is my HijackThis log file. Thanks for the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:18:42 PM, on 9/18/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgFat.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Zango /fleok=1D8A83A5C5E2167E9CAC75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [gcylqcjo] C:\WINDOWS\System32\bqivcius.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.341.0\ZangoSA.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O21 - SSODL: msmhost - {956D4F71-8C70-4560-98AC-04A66D2DEDCB} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {FAE1DF25-49ED-4CA8-8A7B-B58D8674BEA4} - C:\WINDOWS\msmdev.dll
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    --
    End of file - 8345 bytes
     
  2. 2007/09/19
    Geri Lifetime Subscription

    Hi calilsv
    Welcome to WindowsBBS

    Your friend has a number of infections. Let's start off this way.

    Please do the following in the order given.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Then do this.

    Please follow these instructions exactly as given.

    Now download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the "Update now" link.
      • The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Do Not Automatically generate reports"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient, this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Save Reports"
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    Please post the SDFix log, The AVG AS log and a new HJT log.

    Thanks
    Geri
     

  4. 2007/09/20
    calilsv

    Geri, thanks for the help. Here is what I came up with.


    SDFix: Version 1.106

    Run by Administrator on Wed 09/19/2007 at 08:04 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    smtpdrv

    ImagePath:
    System32\DRIVERS\smtpdrv.sys

    smtpdrv - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Program Files\VideoAccessCodec\install.ico - Deleted
    C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\main_uninstaller.exe - Deleted
    C:\WINDOWS\msmdev.dll - Deleted
    C:\WINDOWS\msmhost.dll - Deleted
    C:\WINDOWS\nsduo.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\System32KBRunOnce2.tm_ - Deleted
    C:\WINDOWS\System32KBRunOnce2.t__ - Deleted
    C:\WINDOWS\system32\4_exception.nls - Deleted
    C:\WINDOWS\system32\KBRunOnce2.t__ - Deleted


    Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
    Folder C:\Program Files\VideoAccessCodec - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\System32\\rdlyfauo.exe"="C:\\WINDOWS\\System32\\rdlyfauo.exe:*:Enabled:Server"
    "C:\\DOCUME~1\\MARIAN~1\\LOCALS~1\\Temp\\0.exe"="C:\\DOCUME~1\\MARIAN~1\\LOCALS~1\\Temp\\0.exe:*:Enabled:Enabled"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\WINDOWS\\System32\\rdlyfauo.exe"="C:\\WINDOWS\\System32\\rdlyfauo.exe:*:Enabled:Server"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\M M\Local Settings\Temp\BITD4.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BITDC.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT56.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT5C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT5D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BITFE.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BITFF.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT69.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT79.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT62.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT7B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT7A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT7D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT81.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT82.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT100.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT101.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT102.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT103.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT104.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT105.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT106.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT107.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT108.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT109.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT10A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT10B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT10C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT10E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT10F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT110.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT111.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT112.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT113.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT114.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT118.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT119.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT11A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT11B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT115.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT11C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT11D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT116.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT131.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT134.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT117.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT135.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT136.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT137.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT138.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT139.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT13A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT13D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT13F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT140.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT13E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT141.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT143.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT144.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT145.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT147.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT148.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT149.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT146.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT14F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT150.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT151.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT152.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT153.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT154.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT155.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT156.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT157.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT158.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT15F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT160.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT161.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT162.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT163.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT164.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT165.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT166.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT167.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT168.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT169.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT16F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT170.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT171.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT172.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT173.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT174.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT175.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT176.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT177.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT178.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT179.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT17F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT180.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT181.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT182.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT183.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT184.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT185.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT186.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT187.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT188.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT189.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT18F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT190.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT191.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT192.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT193.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT194.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT195.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT196.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT197.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT198.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT199.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19A.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19B.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19C.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19D.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19E.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT19F.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A0.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A1.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A2.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A3.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A4.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A5.tmp
    C:\Documents and Settings\M M\Local Settings\Temp\BIT1A6.tmp
     
  5. 2007/09/20
    calilsv


    Finished!

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:50:51 PM 9/19/2007

    + Scan result:



    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016879.EXE -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016880.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0049216.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056375.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056376.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056377.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Starware343\bin\Starware343.dll -> Adware.Comet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Error during cleaning.
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\History -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\History -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\History -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1682526488-1957994488-500\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016864.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016867.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016868.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016869.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016870.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016876.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016885.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016886.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016890.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016891.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016892.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016893.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP62\A0016900.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056374.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056379.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056381.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056382.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056383.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056384.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056388.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056392.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056393.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056395.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056396.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056400.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP70\A0056401.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/msmdev.dll -> Downloader.Agent.dag : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP72\A0057436.dll -> Downloader.Agent.dag : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP72\A0057447.dll -> Downloader.Agent.dag : Cleaned with backup (quarantined).
    C:\Documents and Settings\M M\Application Data\installer_en[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Cleaned with backup (quarantined).
    C:\Program Files\Advanced Registry Optimizer\installer_en.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{65AC59CD-88C9-4DE9-B899-0797D4808434}\RP69\A0031122.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Cleaned with backup (quarantined).
    C:\Documents and Settings\M M\Local Settings\Temp\dtouzbig.sys -> Rootkit.Podnuha.c : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.27:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.30:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.31:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.32:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.14:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.35:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    C:\Documents and Settings\M M\Local Settings\Temp\Cookies\M M@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.34:C:\Documents and Settings\M M\Application Data\Mozilla\Firefox\Profiles\sj89hgp7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.


    ::Report end
     
  6. 2007/09/20
    calilsv

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:37 PM, on 9/19/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Zango /fleok=1D8A83A5C5E2167E9CAC75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [gcylqcjo] C:\WINDOWS\System32\bqivcius.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.341.0\ZangoSA.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    --
    End of file - 7866 bytes
     
  7. 2007/09/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    We need to check this file, please do this.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • C:\WINDOWS\System32\bqivcius.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Please post the results.

    Then please give me an uninstall list. Here's how.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Thanks
    Geri
     
  8. 2007/09/20
    calilsv

    calilsv Inactive Thread Starter

    Joined:
    2007/09/19
    Messages:
    12
    Likes Received:
    0
    Thanks for the quick responses.

    When I uploaded the file to that site, this is the message it gave me:

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    Here is the HijackThis file you requested.

    Adaptec DirectCD
    Adaptec Easy CD Creator 4
    Adaptec UDF Reader
    Adobe Acrobat 4.0
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop Elements
    Adobe Reader 8.1.0
    Adobe SVG Viewer
    AOL Registration
    Artisan DVD/DivX Player
    AT&T Yahoo! Applications
    AutoCAD 2000
    AutoCAD 2000 Migration Assistance
    AVG 7.5
    AVG Anti-Spyware 7.5
    BackWeb
    BroadJump Client Foundation
    eHelp
    Google Photos Screensaver
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    hp instant support
    HP Internet Center
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    hp psc 1200 series
    HP_WildTangent_Games
    Logitech MouseWare 9.76
    Microsoft LifeCam
    Microsoft Money 2001
    Microsoft Office Standard Edition 2003
    Microsoft Works 6.0
    Microsoft Works and Money 2001 Setup Launcher
    Mozilla Firefox (2.0.0.4)
    MSXML 6.0 Parser
    MusicMatch Jukebox
    My Photo Center
    Norton Security Scan
    One-touch Multimedia Keyboard
    Picasa 2
    QuickLink III
    Radio365 1.2
    RealPlayer
    Spybot - Search & Destroy 1.4
    URGE
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833407
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Uninstall
    Zango Browser and Wowpapers Tools
    ZoneAlarm
     
  9. 2007/09/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi calilsv

    I see this "softwarereferral.com". This is a dangerous site. Site Advisor has it listed as bad. I would not download anything from there if you have visited it.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following

    Zango Browser and Wowpapers Tools

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Zango /fleok=1D8A83A5C5E2167E9CAC75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
    O4 - HKLM\..\Run: [gcylqcjo] C:\WINDOWS\System32\bqivcius.exe
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.341.0\ZangoSA.exe "


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Zango

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\System32\bqivcius.exe

    After that, Reboot.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please post a new HJT log.

    Thanks
    Geri
     
  10. 2007/09/21
    calilsv

    calilsv Inactive Thread Starter

    Joined:
    2007/09/19
    Messages:
    12
    Likes Received:
    0
    Geri, here's the new HJT log. It looks a lot better than when we first started.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:30 AM, on 9/21/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    --
    End of file - 6847 bytes


    Thanks
    Jason
     
  11. 2007/09/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot and post a new HJT log.

    Thanks
    Geri
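
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: a short Python parser that reports which HijackThis entries a fix removed and which remaining entries still point at files that no longer exist. The sample lines are excerpts from the 9/19 and 9/21 logs above; the function and variable names are illustrative.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path"; the
# leading code (R0-R3, O1-O23, ...) names the autostart or hijack location.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Excerpt of the 9/19 log from this thread (header and process lines kept
# to show that the parser skips them).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\vVX1000.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [gcylqcjo] C:\WINDOWS\System32\bqivcius.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
"""

# Excerpt of the 9/21 log, taken after "Fix Checked" and the manual deletes.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\kmrn.dll (file missing)
"""


def parse_entries(log_text):
    """Return the (section, detail) entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and "Running processes" lines do not match
            entries.append((m.group(1), m.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]


def orphaned_entries(log_text):
    """Entries whose target file is gone: leftover registry references."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    print("Removed by the fix:")
    for section, detail in removed_entries(BEFORE, AFTER):
        print(f"  {section} - {detail}")
    print("Still orphaned in the newer log:")
    for section, detail in orphaned_entries(AFTER):
        print(f"  {section} - {detail}")
```

An orphaned entry only shows that the registry reference outlived its file; whether to fix it is still the helper's call.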
     
