View Full Version : Virtumonde - back on another computer
Any help would be greately appreciated. It has disabled Norton AV and I cannot do any system restore.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:50 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirsystem.com
O1 - Hosts: 94.232.248.66 www.antivirsystem.com
O2 - BHO: (no name) - {018C1171-3234-4371-A179-3EE4428F4BA0} - C:\WINDOWS\system32\dxqyuods.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {EE9BD10F-F922-4522-8D23-F3BEF58622CB} - c:\windows\system32\eaglgdq.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Print Screen Deluxe] "C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe" /m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://67.116.64.98/XHD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104379075846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129606054218
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://67.116.64.98/RM.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: czavwzzq - C:\WINDOWS\SYSTEM32\eaglgdq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12706 bytes
pskelley
2009-05-18, 01:12
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.
2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
Download ComboFix from here:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Thanks
Here is the first part of the Combofix log:
ComboFix 09-05-17.08 - Moseley 05/18/2009 12:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.177 [GMT -7:00]
Running from: c:\documents and settings\Moseley\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Moseley\LOCALS~1\Temp\tmp2.tmp
c:\program files\INSTALL.LOG
c:\recycler\NPROTECT\00496596.XML
c:\recycler\NPROTECT\00496597.XML
c:\recycler\NPROTECT\00496598.XML
c:\recycler\NPROTECT\00496599.XML
c:\recycler\NPROTECT\00496600.XML
c:\recycler\NPROTECT\00496601.XML
c:\recycler\NPROTECT\00496604.XML
c:\recycler\NPROTECT\00496605.XML
c:\recycler\NPROTECT\00496606.XML
c:\recycler\NPROTECT\00496607.XML
c:\recycler\NPROTECT\00496608.XML
c:\recycler\NPROTECT\00496609.edb
c:\recycler\NPROTECT\00496610.XML
c:\recycler\NPROTECT\00496611.XML
c:\recycler\NPROTECT\00496612.XML
c:\recycler\NPROTECT\00496613.XML
c:\recycler\NPROTECT\00496614.XML
c:\recycler\NPROTECT\00496615.XML
c:\recycler\NPROTECT\00496616.XML
c:\recycler\NPROTECT\00496617.XML
c:\recycler\NPROTECT\00496618.XML
c:\recycler\NPROTECT\00496619.XML
c:\recycler\NPROTECT\00496621.XML
c:\recycler\NPROTECT\00496622.XML
c:\recycler\NPROTECT\00496623.XML
c:\recycler\NPROTECT\00496624.XML
c:\recycler\NPROTECT\00496625.XML
c:\recycler\NPROTECT\00496626.XML
c:\recycler\NPROTECT\00496627.XML
c:\recycler\NPROTECT\00496628.XML
c:\recycler\NPROTECT\00496629.XML
c:\recycler\NPROTECT\00496630.TXT
c:\recycler\NPROTECT\00496631.XML
c:\recycler\NPROTECT\00496632.XML
c:\recycler\NPROTECT\00496633.XML
c:\recycler\NPROTECT\00496634.XML
c:\recycler\NPROTECT\00496635.XML
c:\recycler\NPROTECT\00496636.XML
c:\recycler\NPROTECT\00496638.XML
c:\recycler\NPROTECT\00496639.XML
c:\recycler\NPROTECT\00496640.XML
c:\recycler\NPROTECT\00496641.XML
c:\recycler\NPROTECT\00496642.XML
c:\recycler\NPROTECT\00496643.XML
c:\recycler\NPROTECT\00496644.XML
c:\recycler\NPROTECT\00496645.XML
c:\recycler\NPROTECT\00496646.XML
c:\recycler\NPROTECT\00496647.XML
c:\recycler\NPROTECT\00496648.XML
c:\recycler\NPROTECT\00496649.XML
c:\recycler\NPROTECT\00496650.XML
c:\recycler\NPROTECT\00496651.XML
c:\recycler\NPROTECT\00496652.XML
c:\recycler\NPROTECT\00496654.XML
c:\recycler\NPROTECT\00496655.XML
c:\recycler\NPROTECT\00496656.XML
c:\recycler\NPROTECT\00496657.XML
c:\recycler\NPROTECT\00496658.XML
c:\recycler\NPROTECT\00496660.XML
c:\recycler\NPROTECT\00496661.XML
c:\recycler\NPROTECT\00496662.XML
c:\recycler\NPROTECT\00496663.XML
c:\recycler\NPROTECT\00496664.XML
c:\recycler\NPROTECT\00496665.XML
c:\recycler\NPROTECT\00496666.XML
c:\recycler\NPROTECT\00496667.XML
c:\recycler\NPROTECT\00496668.XML
c:\recycler\NPROTECT\00496669.XML
c:\recycler\NPROTECT\00496671.XML
c:\recycler\NPROTECT\00496672.XML
c:\recycler\NPROTECT\00496673.XML
c:\recycler\NPROTECT\00496674.XML
c:\recycler\NPROTECT\00496675.XML
c:\recycler\NPROTECT\00496676.XML
c:\recycler\NPROTECT\00496677.XML
c:\recycler\NPROTECT\00496678.XML
c:\recycler\NPROTECT\00496679.XML
c:\recycler\NPROTECT\00496680.XML
c:\recycler\NPROTECT\00496681.XML
c:\recycler\NPROTECT\00496682.XML
c:\recycler\NPROTECT\00496683.XML
c:\recycler\NPROTECT\00496684.XML
c:\recycler\NPROTECT\00496685.XML
c:\recycler\NPROTECT\00496687.XML
c:\recycler\NPROTECT\00496690.XML
c:\recycler\NPROTECT\00496691.XML
c:\recycler\NPROTECT\00496719.XML
c:\recycler\NPROTECT\00496720
c:\recycler\NPROTECT\00496721
c:\recycler\NPROTECT\00496729.DAT
c:\recycler\NPROTECT\00496734
c:\recycler\NPROTECT\00496735.chm
c:\recycler\NPROTECT\00496739
c:\recycler\NPROTECT\00496762
c:\recycler\NPROTECT\00496765.cmd
c:\recycler\NPROTECT\00496768.TXT
c:\recycler\NPROTECT\00496769.TXT
c:\recycler\NPROTECT\00496770.TXT
c:\recycler\NPROTECT\00496771.TXT
c:\recycler\NPROTECT\00496772.TXT
c:\recycler\NPROTECT\00496773.zip
c:\recycler\NPROTECT\00496774.ZIP
c:\recycler\NPROTECT\00496775.HTM
c:\recycler\NPROTECT\00496776.TXT
c:\recycler\NPROTECT\00496777
c:\recycler\NPROTECT\00496783.cmd
c:\recycler\NPROTECT\00496785.txt
c:\recycler\NPROTECT\00496786.EXE
c:\recycler\NPROTECT\00496787.XML
c:\recycler\NPROTECT\00496791.XML
c:\recycler\NPROTECT\00496798.XML
c:\recycler\NPROTECT\00496824
c:\recycler\NPROTECT\00496825
c:\recycler\NPROTECT\00496829.DAT
c:\recycler\NPROTECT\00496830
c:\recycler\NPROTECT\00496831.chm
c:\recycler\NPROTECT\00496834
c:\recycler\NPROTECT\00496842.XML
c:\recycler\NPROTECT\00496845.dat
c:\recycler\NPROTECT\00496846.dat
c:\recycler\NPROTECT\00496847.bad
c:\recycler\NPROTECT\00496848.cmd
c:\recycler\NPROTECT\00496849.CFE
c:\recycler\NPROTECT\00496850.cmd
c:\recycler\NPROTECT\00496852.cmd
c:\recycler\NPROTECT\00496853.vbs
c:\recycler\NPROTECT\00496854.cmd
c:\recycler\NPROTECT\00496855.c
c:\recycler\NPROTECT\00496856.cmd
c:\recycler\NPROTECT\00496857.bat
c:\recycler\NPROTECT\00496858.dll
c:\recycler\NPROTECT\00496859.bat
c:\recycler\NPROTECT\00496860.CMD
c:\recycler\NPROTECT\00496861.CFE
c:\recycler\NPROTECT\00496863.CMD
c:\recycler\NPROTECT\00496865.c
c:\recycler\NPROTECT\00496866.SYS
c:\recycler\NPROTECT\00496867.BAT
c:\recycler\NPROTECT\00496868.CFE
c:\recycler\NPROTECT\00496869.cmd
c:\recycler\NPROTECT\00496870.dat
c:\recycler\NPROTECT\00496871.cmd
c:\recycler\NPROTECT\00496872.dat
c:\recycler\NPROTECT\00496873.cmd
c:\recycler\NPROTECT\00496874.CFE
c:\recycler\NPROTECT\00496875.sed
c:\recycler\NPROTECT\00496876.bat
c:\recycler\NPROTECT\00496877.str
c:\recycler\NPROTECT\00496878.CFE
c:\recycler\NPROTECT\00496879.sed
c:\recycler\NPROTECT\00496880.e_e
c:\recycler\NPROTECT\00496881.LOC
c:\recycler\NPROTECT\00496882.LOC
c:\recycler\NPROTECT\00496883.CFE
c:\recycler\NPROTECT\00496885.LOC
c:\recycler\NPROTECT\00496886.reg
c:\recycler\NPROTECT\00496887.CFE
c:\recycler\NPROTECT\00496888.cmd
c:\recycler\NPROTECT\00496889.dll
c:\recycler\NPROTECT\00496890.pif
c:\recycler\NPROTECT\00496891.dat
c:\recycler\NPROTECT\00496892.bat
c:\recycler\NPROTECT\00496893.CFE
c:\recycler\NPROTECT\00496894.bat
c:\recycler\NPROTECT\00496895.cmd
c:\recycler\NPROTECT\00496896
c:\recycler\NPROTECT\00496897
c:\recycler\NPROTECT\00496898.cmd
c:\recycler\NPROTECT\00496899.CFE
c:\recycler\NPROTECT\00496900.CFE
c:\recycler\NPROTECT\00496901.CFE
c:\recycler\NPROTECT\00496902.exe
c:\recycler\NPROTECT\00496903.bat
c:\recycler\NPROTECT\00496904.gif
c:\recycler\NPROTECT\00496905.CMD
c:\recycler\NPROTECT\00496906.cmd
c:\recycler\NPROTECT\00496907.cmd
c:\recycler\NPROTECT\00496909.bat
c:\recycler\NPROTECT\00496910.bat
c:\recycler\NPROTECT\00496911.bat
c:\recycler\NPROTECT\00496912.bat
c:\recycler\NPROTECT\00496913.bat
c:\recycler\NPROTECT\00496914.bat
c:\recycler\NPROTECT\00496915.vbs
c:\recycler\NPROTECT\00496916.DAT
c:\recycler\NPROTECT\00496919.pif
c:\recycler\NPROTECT\00496920.CFE
c:\recycler\NPROTECT\00496921.bat
c:\recycler\NPROTECT\00496922.CFE
c:\recycler\NPROTECT\00496923.com
c:\recycler\NPROTECT\00496924.DAT
c:\recycler\NPROTECT\00496925.bat
c:\recycler\NPROTECT\00496926.DAT
c:\recycler\NPROTECT\00496928.DAT
c:\recycler\NPROTECT\00496929.DAT
c:\recycler\NPROTECT\00496931.CFE
c:\recycler\NPROTECT\00496932.com
c:\recycler\NPROTECT\00496933.CFE
c:\recycler\NPROTECT\00496935.cmd
c:\recycler\NPROTECT\00496936.vbs
c:\recycler\NPROTECT\00496938.CFE
c:\recycler\NPROTECT\00496939.exe
c:\recycler\NPROTECT\00496940.dat
c:\recycler\NPROTECT\00496941.inf
c:\recycler\NPROTECT\00496942.dat
c:\recycler\NPROTECT\00496943.CFE
c:\recycler\NPROTECT\00496944.dat
c:\recycler\NPROTECT\00496945.sed
c:\recycler\NPROTECT\00496946.sed
c:\recycler\NPROTECT\00496947.dat
c:\recycler\NPROTECT\00496948.cmd
c:\recycler\NPROTECT\00496950.BAT
c:\recycler\NPROTECT\00496951.VBS
c:\recycler\NPROTECT\00496952.cmd
c:\recycler\NPROTECT\00496953.dat
c:\recycler\NPROTECT\00496954.sed
c:\recycler\NPROTECT\00496955.dat
c:\recycler\NPROTECT\00496956.DAT
c:\recycler\NPROTECT\00496957.DAT
c:\recycler\NPROTECT\00496958.BAT
c:\recycler\NPROTECT\00496959.CFE
c:\recycler\NPROTECT\00496960.bat
c:\recycler\NPROTECT\00496961.CFE
c:\recycler\NPROTECT\00496962.exe
c:\recycler\NPROTECT\00496964.cmd
c:\recycler\NPROTECT\00496965.cmd
c:\recycler\NPROTECT\00496966.md5
c:\recycler\NPROTECT\00496967.cmd
c:\recycler\NPROTECT\00496968.vbs
c:\recycler\NPROTECT\00496969.dat
c:\recycler\NPROTECT\00496970.DAT
c:\recycler\NPROTECT\00496971.dat
c:\recycler\NPROTECT\00496972.CFE
c:\recycler\NPROTECT\00496973.exe
c:\recycler\NPROTECT\00496974.CFE
c:\recycler\NPROTECT\00496975.CFE
c:\recycler\NPROTECT\00496976.DAT
c:\recycler\NPROTECT\00496977.CFE
c:\recycler\NPROTECT\00496978.sed
c:\recycler\NPROTECT\00496979.CFE
c:\recycler\NPROTECT\00496980.CMD
c:\recycler\NPROTECT\00496981.dat
c:\recycler\NPROTECT\00496982.dat
c:\recycler\NPROTECT\00496983.vbs
c:\recycler\NPROTECT\00496984.dat
c:\recycler\NPROTECT\00496985.dat
c:\recycler\NPROTECT\00496986.dat
c:\recycler\NPROTECT\00496987.CFE
c:\recycler\NPROTECT\00496989
c:\recycler\NPROTECT\00496990
c:\recycler\NPROTECT\00496998.cmd
c:\recycler\NPROTECT\00497001.TXT
c:\recycler\NPROTECT\00497002.TXT
c:\recycler\NPROTECT\00497003.TXT
c:\recycler\NPROTECT\00497004.TXT
c:\recycler\NPROTECT\00497005.TXT
c:\recycler\NPROTECT\00497006.zip
c:\recycler\NPROTECT\00497007.ZIP
c:\recycler\NPROTECT\00497008.HTM
c:\recycler\NPROTECT\00497009.TXT
c:\recycler\NPROTECT\00497011
c:\recycler\NPROTECT\00497014
c:\recycler\NPROTECT\00497015
c:\recycler\NPROTECT\00497017.cmd
c:\recycler\NPROTECT\00497019.txt
c:\recycler\NPROTECT\00497020.EXE
c:\recycler\NPROTECT\00497023.XML
c:\recycler\NPROTECT\00497025.XML
c:\recycler\NPROTECT\00497028.XML
c:\recycler\NPROTECT\00497031.edb
c:\recycler\NPROTECT\00497034.XML
c:\recycler\NPROTECT\00497061.cab
c:\recycler\NPROTECT\00497067.XML
c:\recycler\NPROTECT\00497070.JOB
c:\recycler\NPROTECT\00497071.XML
c:\recycler\NPROTECT\00497072.XML
c:\recycler\NPROTECT\00497097
c:\recycler\NPROTECT\00497098
c:\recycler\NPROTECT\00497102.DAT
c:\recycler\NPROTECT\00497103
c:\recycler\NPROTECT\00497104.chm
c:\recycler\NPROTECT\00497107
c:\recycler\NPROTECT\00497112.edb
c:\recycler\NPROTECT\00497119.dat
c:\recycler\NPROTECT\00497120.dat
c:\recycler\NPROTECT\00497121.bad
c:\recycler\NPROTECT\00497122.cmd
c:\recycler\NPROTECT\00497123.CFE
c:\recycler\NPROTECT\00497124.cmd
c:\recycler\NPROTECT\00497125.cmd
c:\recycler\NPROTECT\00497126.vbs
c:\recycler\NPROTECT\00497127.cmd
c:\recycler\NPROTECT\00497128.c
c:\recycler\NPROTECT\00497129.cmd
c:\recycler\NPROTECT\00497130.bat
c:\recycler\NPROTECT\00497131.dll
c:\recycler\NPROTECT\00497132.bat
c:\recycler\NPROTECT\00497133.CMD
c:\recycler\NPROTECT\00497134.CFE
c:\recycler\NPROTECT\00497136.CMD
c:\recycler\NPROTECT\00497138.c
c:\recycler\NPROTECT\00497139.SYS
c:\recycler\NPROTECT\00497140.BAT
c:\recycler\NPROTECT\00497141.CFE
c:\recycler\NPROTECT\00497142.cmd
c:\recycler\NPROTECT\00497143.dat
c:\recycler\NPROTECT\00497144.cmd
c:\recycler\NPROTECT\00497145.dat
c:\recycler\NPROTECT\00497146.cmd
c:\recycler\NPROTECT\00497147.CFE
c:\recycler\NPROTECT\00497148.sed
c:\recycler\NPROTECT\00497149.bat
c:\recycler\NPROTECT\00497150.str
c:\recycler\NPROTECT\00497151.CFE
c:\recycler\NPROTECT\00497152.sed
c:\recycler\NPROTECT\00497153.e_e
c:\recycler\NPROTECT\00497154.LOC
c:\recycler\NPROTECT\00497155.LOC
c:\recycler\NPROTECT\00497156.CFE
c:\recycler\NPROTECT\00497158.LOC
c:\recycler\NPROTECT\00497159.reg
c:\recycler\NPROTECT\00497160.CFE
c:\recycler\NPROTECT\00497161.cmd
c:\recycler\NPROTECT\00497162.dll
c:\recycler\NPROTECT\00497163.pif
c:\recycler\NPROTECT\00497164.dat
c:\recycler\NPROTECT\00497165.bat
c:\recycler\NPROTECT\00497166.CFE
c:\recycler\NPROTECT\00497167.bat
c:\recycler\NPROTECT\00497168.cmd
c:\recycler\NPROTECT\00497169
c:\recycler\NPROTECT\00497170
c:\recycler\NPROTECT\00497171.cmd
c:\recycler\NPROTECT\00497172.CFE
c:\recycler\NPROTECT\00497173.CFE
c:\recycler\NPROTECT\00497174.CFE
c:\recycler\NPROTECT\00497175.exe
c:\recycler\NPROTECT\00497176.bat
c:\recycler\NPROTECT\00497177.gif
c:\recycler\NPROTECT\00497178.CMD
c:\recycler\NPROTECT\00497179.cmd
c:\recycler\NPROTECT\00497180.cmd
c:\recycler\NPROTECT\00497182.bat
c:\recycler\NPROTECT\00497183.bat
c:\recycler\NPROTECT\00497184.bat
c:\recycler\NPROTECT\00497185.bat
c:\recycler\NPROTECT\00497186.bat
c:\recycler\NPROTECT\00497187.bat
c:\recycler\NPROTECT\00497188.vbs
c:\recycler\NPROTECT\00497189.DAT
c:\recycler\NPROTECT\00497192.pif
c:\recycler\NPROTECT\00497193.CFE
c:\recycler\NPROTECT\00497194.bat
c:\recycler\NPROTECT\00497195.CFE
c:\recycler\NPROTECT\00497196.com
c:\recycler\NPROTECT\00497197.DAT
c:\recycler\NPROTECT\00497198.bat
c:\recycler\NPROTECT\00497199.DAT
c:\recycler\NPROTECT\00497201.DAT
c:\recycler\NPROTECT\00497202.DAT
c:\recycler\NPROTECT\00497204.CFE
c:\recycler\NPROTECT\00497205.com
c:\recycler\NPROTECT\00497206.CFE
c:\recycler\NPROTECT\00497208.cmd
c:\recycler\NPROTECT\00497209.vbs
c:\recycler\NPROTECT\00497211.CFE
c:\recycler\NPROTECT\00497212.exe
c:\recycler\NPROTECT\00497213.dat
c:\recycler\NPROTECT\00497214.inf
c:\recycler\NPROTECT\00497215.dat
c:\recycler\NPROTECT\00497216.CFE
c:\recycler\NPROTECT\00497217.dat
c:\recycler\NPROTECT\00497218.sed
c:\recycler\NPROTECT\00497219.sed
c:\recycler\NPROTECT\00497220.dat
c:\recycler\NPROTECT\00497221.cmd
c:\recycler\NPROTECT\00497223.BAT
c:\recycler\NPROTECT\00497224.VBS
c:\recycler\NPROTECT\00497225.cmd
c:\recycler\NPROTECT\00497226.dat
c:\recycler\NPROTECT\00497227.sed
c:\recycler\NPROTECT\00497228.dat
c:\recycler\NPROTECT\00497229.DAT
c:\recycler\NPROTECT\00497230.DAT
c:\recycler\NPROTECT\00497231.BAT
c:\recycler\NPROTECT\00497232.CFE
c:\recycler\NPROTECT\00497233.bat
c:\recycler\NPROTECT\00497234.CFE
c:\recycler\NPROTECT\00497235.exe
c:\recycler\NPROTECT\00497237.cmd
c:\recycler\NPROTECT\00497238.cmd
c:\recycler\NPROTECT\00497239.md5
c:\recycler\NPROTECT\00497240.cmd
c:\recycler\NPROTECT\00497241.vbs
c:\recycler\NPROTECT\00497242.dat
c:\recycler\NPROTECT\00497243.DAT
c:\recycler\NPROTECT\00497244.dat
c:\recycler\NPROTECT\00497245.CFE
c:\recycler\NPROTECT\00497246.exe
c:\recycler\NPROTECT\00497247.CFE
c:\recycler\NPROTECT\00497248.CFE
c:\recycler\NPROTECT\00497249.DAT
c:\recycler\NPROTECT\00497250.CFE
c:\recycler\NPROTECT\00497251.sed
c:\recycler\NPROTECT\00497252.CFE
c:\recycler\NPROTECT\00497253.CMD
c:\recycler\NPROTECT\00497254.dat
c:\recycler\NPROTECT\00497255.dat
c:\recycler\NPROTECT\00497256.vbs
c:\recycler\NPROTECT\00497257.dat
c:\recycler\NPROTECT\00497258.dat
c:\recycler\NPROTECT\00497259.dat
c:\recycler\NPROTECT\00497260.CFE
c:\recycler\NPROTECT\00497262
c:\recycler\NPROTECT\00497263
c:\recycler\NPROTECT\00497271.cmd
c:\recycler\NPROTECT\00497273.TXT
c:\recycler\NPROTECT\00497274.TXT
c:\recycler\NPROTECT\00497275.TXT
c:\recycler\NPROTECT\00497276.TXT
c:\recycler\NPROTECT\00497277.TXT
c:\recycler\NPROTECT\00497278.zip
c:\recycler\NPROTECT\00497279.ZIP
c:\recycler\NPROTECT\00497280.HTM
c:\recycler\NPROTECT\00497281.TXT
c:\recycler\NPROTECT\00497283
c:\recycler\NPROTECT\00497285
c:\recycler\NPROTECT\00497288
c:\recycler\NPROTECT\00497289.cmd
c:\recycler\NPROTECT\00497291.txt
c:\recycler\NPROTECT\00497292.EXE
c:\recycler\NPROTECT\00497295.XML
c:\recycler\NPROTECT\00497299.XML
c:\recycler\NPROTECT\00497304.XML
c:\recycler\NPROTECT\00497307.XML
c:\recycler\NPROTECT\00497309.XML
c:\recycler\NPROTECT\00497310.LNK
c:\recycler\NPROTECT\00497311.LNK
c:\recycler\NPROTECT\00497312.LNK
c:\recycler\NPROTECT\00497313.LNK
c:\recycler\NPROTECT\00497314.LNK
c:\recycler\NPROTECT\00497315.XML
c:\recycler\NPROTECT\00497316.loc
c:\recycler\NPROTECT\00497317.KC
c:\recycler\NPROTECT\00497319.dll
c:\recycler\NPROTECT\00497320.DAT
c:\recycler\NPROTECT\00497321.DLL
c:\recycler\NPROTECT\00497322.VXD
c:\recycler\NPROTECT\00497323.DLL
c:\recycler\NPROTECT\00497324.SYS
c:\recycler\NPROTECT\00497325.GRD
c:\recycler\NPROTECT\00497326.SIG
c:\recycler\NPROTECT\00497327.SPM
c:\recycler\NPROTECT\00497328.SYS
c:\recycler\NPROTECT\00497329.BIN
c:\recycler\NPROTECT\00497330
c:\recycler\NPROTECT\00497331.EXP
c:\recycler\NPROTECT\00497332.SYS
c:\recycler\NPROTECT\00497333.VXD
c:\recycler\NPROTECT\00497334.DLL
c:\recycler\NPROTECT\00497335.EXP
c:\recycler\NPROTECT\00497336.SYS
c:\recycler\NPROTECT\00497337.VXD
c:\recycler\NPROTECT\00497338.DLL
c:\recycler\NPROTECT\00497339.TXT
c:\recycler\NPROTECT\00497340.DAT
c:\recycler\NPROTECT\00497341.CAT
c:\recycler\NPROTECT\00497342.INF
c:\recycler\NPROTECT\00497343.CAT
c:\recycler\NPROTECT\00497344.INF
c:\recycler\NPROTECT\00497345.DAT
c:\recycler\NPROTECT\00497346.DAT
c:\recycler\NPROTECT\00497347.DAT
c:\recycler\NPROTECT\00497348.DAT
c:\recycler\NPROTECT\00497349.TXT
c:\recycler\NPROTECT\00497350.DAT
c:\recycler\NPROTECT\00497352.DAT
c:\recycler\NPROTECT\00497353.DAT
c:\recycler\NPROTECT\00497354.DAT
c:\recycler\NPROTECT\00497355.GRD
c:\recycler\NPROTECT\00497356.SIG
c:\recycler\NPROTECT\00497357.INF
c:\recycler\NPROTECT\00497358.DAT
c:\recycler\NPROTECT\00497359.DAT
c:\recycler\NPROTECT\00497360.DAT
c:\recycler\NPROTECT\00497361.DAT
c:\recycler\NPROTECT\00497362.DAT
c:\recycler\NPROTECT\00497363.DAT
c:\recycler\NPROTECT\00497364.DAT
c:\recycler\NPROTECT\00497365.DAT
c:\recycler\NPROTECT\00497366.DAT
c:\recycler\NPROTECT\00497368.dat
c:\recycler\NPROTECT\00497369.TXT
c:\recycler\NPROTECT\00497370.DAT
c:\recycler\NPROTECT\00497371.rbf
c:\recycler\NPROTECT\00497372.rbf
c:\recycler\NPROTECT\00497373.rbf
c:\recycler\NPROTECT\00497374.rbf
c:\recycler\NPROTECT\00497375.rbf
c:\recycler\NPROTECT\00497376.rbf
c:\recycler\NPROTECT\00497377.rbf
c:\recycler\NPROTECT\00497378.rbf
c:\recycler\NPROTECT\00497379.rbf
c:\recycler\NPROTECT\00497380.rbf
c:\recycler\NPROTECT\00497381.rbf
c:\recycler\NPROTECT\00497382.rbf
c:\recycler\NPROTECT\00497383.rbf
c:\recycler\NPROTECT\00497384.rbf
c:\recycler\NPROTECT\00497385.rbf
c:\recycler\NPROTECT\00497386.rbf
c:\recycler\NPROTECT\00497387.rbf
c:\recycler\NPROTECT\00497388.rbf
c:\recycler\NPROTECT\00497389.rbf
c:\recycler\NPROTECT\00497390.rbf
c:\recycler\NPROTECT\00497391.rbf
c:\recycler\NPROTECT\00497392.rbs
c:\recycler\NPROTECT\00497393.ipi
c:\recycler\NPROTECT\00497394.msi
c:\recycler\NPROTECT\00497395.rbf
c:\recycler\NPROTECT\00497396.rbf
c:\recycler\NPROTECT\00497397.rbf
c:\recycler\NPROTECT\00497398.rbf
c:\recycler\NPROTECT\00497400.rbf
c:\recycler\NPROTECT\00497401.rbf
c:\recycler\NPROTECT\00497402.rbf
c:\recycler\NPROTECT\00497403.rbf
c:\recycler\NPROTECT\00497404.rbf
c:\recycler\NPROTECT\00497405.rbf
c:\recycler\NPROTECT\00497406.rbf
c:\recycler\NPROTECT\00497407.rbf
c:\recycler\NPROTECT\00497408.rbf
c:\recycler\NPROTECT\00497409.rbf
c:\recycler\NPROTECT\00497410.rbf
c:\recycler\NPROTECT\00497411.rbf
c:\recycler\NPROTECT\00497412.rbf
c:\recycler\NPROTECT\00497413.rbf
c:\recycler\NPROTECT\00497414.rbf
c:\recycler\NPROTECT\00497415.rbf
c:\recycler\NPROTECT\00497416.rbf
c:\recycler\NPROTECT\00497417.rbf
c:\recycler\NPROTECT\00497418.rbf
c:\recycler\NPROTECT\00497419.rbf
c:\recycler\NPROTECT\00497420.rbf
c:\recycler\NPROTECT\00497421.rbf
c:\recycler\NPROTECT\00497422.rbf
c:\recycler\NPROTECT\00497423.rbf
c:\recycler\NPROTECT\00497424.rbf
c:\recycler\NPROTECT\00497425.rbf
c:\recycler\NPROTECT\00497426.rbf
c:\recycler\NPROTECT\00497427.rbf
c:\recycler\NPROTECT\00497428.rbf
c:\recycler\NPROTECT\00497429.rbf
c:\recycler\NPROTECT\00497430.rbf
c:\recycler\NPROTECT\00497431.rbf
c:\recycler\NPROTECT\00497432.rbf
c:\recycler\NPROTECT\00497433.rbf
c:\recycler\NPROTECT\00497434.rbf
c:\recycler\NPROTECT\00497435.rbf
c:\recycler\NPROTECT\00497436.rbf
c:\recycler\NPROTECT\00497437.rbf
c:\recycler\NPROTECT\00497438.rbf
c:\recycler\NPROTECT\00497439.rbf
c:\recycler\NPROTECT\00497440.rbf
c:\recycler\NPROTECT\00497441.rbf
c:\recycler\NPROTECT\00497442.rbf
c:\recycler\NPROTECT\00497443.rbf
c:\recycler\NPROTECT\00497444.rbf
c:\recycler\NPROTECT\00497445.rbf
c:\recycler\NPROTECT\00497446.rbf
c:\recycler\NPROTECT\00497447.rbf
c:\recycler\NPROTECT\00497448.rbf
c:\recycler\NPROTECT\00497449.rbf
c:\recycler\NPROTECT\00497450.rbf
c:\recycler\NPROTECT\00497451.rbf
c:\recycler\NPROTECT\00497452.rbf
c:\recycler\NPROTECT\00497453.rbf
c:\recycler\NPROTECT\00497454.rbf
c:\recycler\NPROTECT\00497455.rbf
c:\recycler\NPROTECT\00497456.rbf
c:\recycler\NPROTECT\00497457.rbf
c:\recycler\NPROTECT\00497458.rbf
c:\recycler\NPROTECT\00497459.rbf
c:\recycler\NPROTECT\00497460.rbf
c:\recycler\NPROTECT\00497461.rbf
c:\recycler\NPROTECT\00497462.rbf
c:\recycler\NPROTECT\00497463.rbf
c:\recycler\NPROTECT\00497464.rbf
c:\recycler\NPROTECT\00497465.rbf
c:\recycler\NPROTECT\00497466.rbf
c:\recycler\NPROTECT\00497467.rbf
c:\recycler\NPROTECT\00497468.rbf
c:\recycler\NPROTECT\00497469.rbf
c:\recycler\NPROTECT\00497470.rbf
c:\recycler\NPROTECT\00497471.rbf
c:\recycler\NPROTECT\00497472.rbf
c:\recycler\NPROTECT\00497473.rbf
c:\recycler\NPROTECT\00497474.rbf
c:\recycler\NPROTECT\00497475.rbf
c:\recycler\NPROTECT\00497476.rbf
c:\recycler\NPROTECT\00497477.rbs
c:\recycler\NPROTECT\00497478.ipi
c:\recycler\NPROTECT\00497479.msi
c:\recycler\NPROTECT\00497480.JOB
c:\recycler\NPROTECT\00497481.log
c:\recycler\NPROTECT\00497482.log
c:\recycler\NPROTECT\00497483.log
c:\recycler\NPROTECT\00497484.dll
c:\recycler\NPROTECT\00497485.XML
c:\recycler\NPROTECT\00497486.wlt
c:\recycler\NPROTECT\00497487.sig
c:\recycler\NPROTECT\00497488.grd
c:\recycler\NPROTECT\00497489.XML
c:\recycler\NPROTECT\00497490.DAT
c:\recycler\NPROTECT\00497491.dll
c:\recycler\NPROTECT\00497492.cat
c:\recycler\NPROTECT\00497493.INF
c:\recycler\NPROTECT\00497494.sys
c:\recycler\NPROTECT\00497495.cat
c:\recycler\NPROTECT\00497496.INF
c:\recycler\NPROTECT\00497497.sys
c:\recycler\NPROTECT\00497498.dll
c:\recycler\NPROTECT\00497499.dat
c:\recycler\NPROTECT\00497500.dat
c:\recycler\NPROTECT\00497501.dll
c:\recycler\NPROTECT\00497502.dat
c:\recycler\NPROTECT\00497503.sys
c:\recycler\NPROTECT\00497504.vxd
c:\recycler\NPROTECT\00497505.grd
c:\recycler\NPROTECT\00497506.sig
c:\recycler\NPROTECT\00497508.dat
c:\recycler\NPROTECT\00497509.DAT
c:\recycler\NPROTECT\00497510.dll
c:\recycler\NPROTECT\00497511.cat
c:\recycler\NPROTECT\00497512.INF
c:\recycler\NPROTECT\00497513.sys
c:\recycler\NPROTECT\00497514.cat
c:\recycler\NPROTECT\00497515.INF
c:\recycler\NPROTECT\00497516.sys
c:\recycler\NPROTECT\00497517.dll
c:\recycler\NPROTECT\00497518.dat
c:\recycler\NPROTECT\00497519.dat
c:\recycler\NPROTECT\00497520.dll
c:\recycler\NPROTECT\00497521.dat
c:\recycler\NPROTECT\00497522.sys
c:\recycler\NPROTECT\00497523.vxd
c:\recycler\NPROTECT\00497524.dll
c:\recycler\NPROTECT\00497525.grd
c:\recycler\NPROTECT\00497526.sig
c:\recycler\NPROTECT\00497528.dat
c:\recycler\NPROTECT\00497530.dat
c:\recycler\NPROTECT\00497531.dll
c:\recycler\NPROTECT\00497532.CAT
c:\recycler\NPROTECT\00497533.INF
c:\recycler\NPROTECT\00497534.sys
c:\recycler\NPROTECT\00497535.CAT
c:\recycler\NPROTECT\00497536.INF
c:\recycler\NPROTECT\00497537.sys
c:\recycler\NPROTECT\00497538.dll
c:\recycler\NPROTECT\00497539.dat
c:\recycler\NPROTECT\00497540.dat
c:\recycler\NPROTECT\00497541.dll
c:\recycler\NPROTECT\00497542.dat
c:\recycler\NPROTECT\00497543.sys
c:\recycler\NPROTECT\00497544.vxd
c:\recycler\NPROTECT\00497545.dll
c:\recycler\NPROTECT\00497546.grd
c:\recycler\NPROTECT\00497547.sig
c:\recycler\NPROTECT\00497549.dat
c:\recycler\NPROTECT\00497551.SPM
c:\recycler\NPROTECT\00497552.GRD
c:\recycler\NPROTECT\00497553.SIG
c:\recycler\NPROTECT\00497554.dll
c:\recycler\NPROTECT\00497555.dll
c:\recycler\NPROTECT\00497556.dll
c:\recycler\NPROTECT\00497557.dll
c:\recycler\NPROTECT\00497558.dll
c:\recycler\NPROTECT\00497559.dat
c:\recycler\NPROTECT\00497560.MUI
c:\recycler\NPROTECT\00497561.edb
c:\recycler\NPROTECT\00497562.cat
c:\recycler\NPROTECT\00497563.def
c:\recycler\NPROTECT\00497564.txt
c:\recycler\NPROTECT\00497565.Loc
c:\recycler\NPROTECT\00497566.loc
c:\recycler\NPROTECT\00497567.Loc
c:\recycler\NPROTECT\00497568.loc
c:\recycler\NPROTECT\00497569.loc
c:\recycler\NPROTECT\00497570.loc
c:\recycler\NPROTECT\00497571.loc
c:\recycler\NPROTECT\00497572.loc
c:\recycler\NPROTECT\00497573.Loc
c:\recycler\NPROTECT\00497574.Loc
c:\recycler\NPROTECT\00497575.loc
c:\recycler\NPROTECT\00497576.Loc
c:\recycler\NPROTECT\00497577.Loc
c:\recycler\NPROTECT\00497578.loc
c:\recycler\NPROTECT\00497579.loc
c:\recycler\NPROTECT\00497580.dll
c:\recycler\NPROTECT\00497582.dll
c:\recycler\NPROTECT\00497583.spm
c:\recycler\NPROTECT\00497584.grd
c:\recycler\NPROTECT\00497585.sig
c:\recycler\NPROTECT\00497586.sig
c:\recycler\NPROTECT\00497587.exe
c:\recycler\NPROTECT\00497588.grd
c:\recycler\NPROTECT\00497589.spm
c:\recycler\NPROTECT\00497590.sig
c:\recycler\NPROTECT\00497591.spm
c:\recycler\NPROTECT\00497592.loc
c:\recycler\NPROTECT\00497594.dll
c:\recycler\NPROTECT\00497595.exe
c:\recycler\NPROTECT\00497596.grd
c:\recycler\NPROTECT\00497597.reg
c:\recycler\NPROTECT\00497598.inf
c:\recycler\NPROTECT\00497599.sys
c:\recycler\NPROTECT\00497600.reg
c:\recycler\NPROTECT\00497601.exe
c:\recycler\NPROTECT\00497602.grd
c:\recycler\NPROTECT\00497603.sig
c:\recycler\NPROTECT\00497604.sig
c:\recycler\NPROTECT\00497605.grd
c:\recycler\NPROTECT\00497606.sig
c:\recycler\NPROTECT\00497607.spm
c:\recycler\NPROTECT\00497608.sig
c:\recycler\NPROTECT\00497609.grd
c:\recycler\NPROTECT\00497610.spm
c:\recycler\NPROTECT\00497611.dll
c:\recycler\NPROTECT\00497612.grd
c:\recycler\NPROTECT\00497613.spm
c:\recycler\NPROTECT\00497614.dat
c:\recycler\NPROTECT\00497615.spm
c:\recycler\NPROTECT\00497616.loc
c:\recycler\NPROTECT\00497617.htm
c:\recycler\NPROTECT\00497618.dll
c:\recycler\NPROTECT\00497619.dll
c:\recycler\NPROTECT\00497620.dll
c:\recycler\NPROTECT\00497621.dll
c:\recycler\NPROTECT\00497622.dll
c:\recycler\NPROTECT\00497623.exe
c:\recycler\NPROTECT\00497624.dll
c:\recycler\NPROTECT\00497625.dll
c:\recycler\NPROTECT\00497626.dll
c:\recycler\NPROTECT\00497627.exe
c:\recycler\NPROTECT\00497628.dll
c:\recycler\NPROTECT\00497629.spm
c:\recycler\NPROTECT\00497630.sig
c:\recycler\NPROTECT\00497631.grd
c:\recycler\NPROTECT\00497632.dll
c:\recycler\NPROTECT\00497633.dll
c:\recycler\NPROTECT\00497634.dll
c:\recycler\NPROTECT\00497635.dll
c:\recycler\NPROTECT\00497636.dll
c:\recycler\NPROTECT\00497637.dll
c:\recycler\NPROTECT\00497638.dll
c:\recycler\NPROTECT\00497639.grd
c:\recycler\NPROTECT\00497640.spm
c:\recycler\NPROTECT\00497641.exe
c:\recycler\NPROTECT\00497642.sig
c:\recycler\NPROTECT\00497643.dll
c:\recycler\NPROTECT\00497644.spm
c:\recycler\NPROTECT\00497645.dll
c:\recycler\NPROTECT\00497646.sig
c:\recycler\NPROTECT\00497647.grd
c:\recycler\NPROTECT\00497648.grd
c:\recycler\NPROTECT\00497649.spm
c:\recycler\NPROTECT\00497650.dll
c:\recycler\NPROTECT\00497651.sig
c:\recycler\NPROTECT\00497652.spm
c:\recycler\NPROTECT\00497653.sig
c:\recycler\NPROTECT\00497654.grd
c:\recycler\NPROTECT\00497655.loc
c:\recycler\NPROTECT\00497656.dll
c:\recycler\NPROTECT\00497657.spm
c:\recycler\NPROTECT\00497658.grd
c:\recycler\NPROTECT\00497659.sig
c:\recycler\NPROTECT\00497660.grd
c:\recycler\NPROTECT\00497661.spm
c:\recycler\NPROTECT\00497662.sig
c:\recycler\NPROTECT\00497663.exe
c:\recycler\NPROTECT\00497664.dll
c:\recycler\NPROTECT\00497665.dll
c:\recycler\NPROTECT\00497666.dll
c:\recycler\NPROTECT\00497667.dll
c:\recycler\NPROTECT\00497668.dll
c:\recycler\NPROTECT\00497669.dll
c:\recycler\NPROTECT\00497670.grd
c:\recycler\NPROTECT\00497671.spm
c:\recycler\NPROTECT\00497672.sig
c:\recycler\NPROTECT\00497673.loc
c:\recycler\NPROTECT\00497674.dll
c:\recycler\NPROTECT\00497675.dll
c:\recycler\NPROTECT\00497676.grd
c:\recycler\NPROTECT\00497677.spm
c:\recycler\NPROTECT\00497678.sig
c:\recycler\NPROTECT\00497679.sys
c:\recycler\NPROTECT\00497680.INF
c:\recycler\NPROTECT\00497681.spm
c:\recycler\NPROTECT\00497682.dll
c:\recycler\NPROTECT\00497683.vxd
c:\recycler\NPROTECT\00497684.grd
c:\recycler\NPROTECT\00497685.dat
c:\recycler\NPROTECT\00497687.dat
c:\recycler\NPROTECT\00497688.sig
c:\recycler\NPROTECT\00497689.DAT
c:\recycler\NPROTECT\00497690.sig
c:\recycler\NPROTECT\00497691.grd
c:\recycler\NPROTECT\00497692.dat
c:\recycler\NPROTECT\00497693.sys
c:\recycler\NPROTECT\00497694.sys
c:\recycler\NPROTECT\00497695.INF
c:\recycler\NPROTECT\00497696.cat
c:\recycler\NPROTECT\00497697.cat
c:\recycler\NPROTECT\00497698.dll
c:\recycler\NPROTECT\00497699.dll
c:\recycler\NPROTECT\00497700.dat
c:\recycler\NPROTECT\00497701.dll
c:\recycler\NPROTECT\00497702.grd
c:\recycler\NPROTECT\00497703.spm
c:\recycler\NPROTECT\00497704.sig
c:\recycler\NPROTECT\00497705.dll
c:\recycler\NPROTECT\00497706.dll
c:\recycler\NPROTECT\00497707.dll
c:\recycler\NPROTECT\00497708.dll
c:\recycler\NPROTECT\00497709.loc
c:\recycler\NPROTECT\00497711.dll
c:\recycler\NPROTECT\00497712.dll
c:\recycler\NPROTECT\00497713.dll
c:\recycler\NPROTECT\00497714.dll
c:\recycler\NPROTECT\00497715.dll
c:\recycler\NPROTECT\00497716.exe
c:\recycler\NPROTECT\00497717.dll
c:\recycler\NPROTECT\00497718.dll
c:\recycler\NPROTECT\00497719.dll
c:\recycler\NPROTECT\00497720.dll
c:\recycler\NPROTECT\00497721.dll
c:\recycler\NPROTECT\00497723.loc
c:\recycler\NPROTECT\00497724.grd
c:\recycler\NPROTECT\00497725.spm
c:\recycler\NPROTECT\00497726.sig
c:\recycler\NPROTECT\00497727.dll
c:\recycler\NPROTECT\00497728.xml
c:\recycler\NPROTECT\00497729.bin
c:\recycler\NPROTECT\00497730.dll
c:\recycler\NPROTECT\00497731.dll
c:\recycler\NPROTECT\00497732.dll
c:\recycler\NPROTECT\00497733.dll
c:\recycler\NPROTECT\00497734.dll
c:\recycler\NPROTECT\00497735.dll
c:\recycler\NPROTECT\00497736.dll
c:\recycler\NPROTECT\00497737.dll
c:\recycler\NPROTECT\00497738.exe
c:\recycler\NPROTECT\00497739.dll
c:\recycler\NPROTECT\00497740.ini
c:\recycler\NPROTECT\00497741.dll
c:\recycler\NPROTECT\00497742.dll
c:\recycler\NPROTECT\00497743.grd
c:\recycler\NPROTECT\00497744.sig
c:\recycler\NPROTECT\00497745.spm
c:\recycler\NPROTECT\00497746.scd
c:\recycler\NPROTECT\00497747.MAN
c:\recycler\NPROTECT\00497748.exe
c:\recycler\NPROTECT\00497749.dll
c:\recycler\NPROTECT\00497750.spm
c:\recycler\NPROTECT\00497751.scd
c:\recycler\NPROTECT\00497752.grd
c:\recycler\NPROTECT\00497753.sig
c:\recycler\NPROTECT\00497754.exe
c:\recycler\NPROTECT\00497755.dll
c:\recycler\NPROTECT\00497756.loc
c:\recycler\NPROTECT\00497757.loc
c:\recycler\NPROTECT\00497758.exe
c:\recycler\NPROTECT\00497759.dll
c:\recycler\NPROTECT\00497760.sig
c:\recycler\NPROTECT\00497761.spm
c:\recycler\NPROTECT\00497762.grd
c:\recycler\NPROTECT\00497763.dll
c:\recycler\NPROTECT\00497764.dll
c:\recycler\NPROTECT\00497765.dll
c:\recycler\NPROTECT\00497766.dll
c:\recycler\NPROTECT\00497767.dll
c:\recycler\NPROTECT\00497768.dll
c:\recycler\NPROTECT\00497769.dll
c:\recycler\NPROTECT\00497770.dll
c:\recycler\NPROTECT\00497771.dll
c:\recycler\NPROTECT\00497772.dll
c:\recycler\NPROTECT\00497773.exe
c:\recycler\NPROTECT\00497774.dll
c:\recycler\NPROTECT\00497775.dll
c:\recycler\NPROTECT\00497776.grd
c:\recycler\NPROTECT\00497777.loc
c:\recycler\NPROTECT\00497778.sig
c:\recycler\NPROTECT\00497779.spm
c:\recycler\NPROTECT\00497780.loc
c:\recycler\NPROTECT\00497781.exe
c:\recycler\NPROTECT\00497783.dll
c:\recycler\NPROTECT\00497784.grd
c:\recycler\NPROTECT\00497785.spm
c:\recycler\NPROTECT\00497786.sig
c:\recycler\NPROTECT\00497787.dll
c:\recycler\NPROTECT\00497788.dll
c:\recycler\NPROTECT\00497789.spm
c:\recycler\NPROTECT\00497790.sig
c:\recycler\NPROTECT\00497791.grd
c:\recycler\NPROTECT\00497792.dll
c:\recycler\NPROTECT\00497793.mui
c:\recycler\NPROTECT\00497794.dll
c:\recycler\NPROTECT\00497795.dll
c:\recycler\NPROTECT\00497796.spm
c:\recycler\NPROTECT\00497797.sig
c:\recycler\NPROTECT\00497798.grd
c:\recycler\NPROTECT\00497799.dll
c:\recycler\NPROTECT\00497800.dll
c:\recycler\NPROTECT\00497801.dll
c:\recycler\NPROTECT\00497802.dll
c:\recycler\NPROTECT\00497803.loc
c:\recycler\NPROTECT\00497804.dll
c:\recycler\NPROTECT\00497805.dll
c:\recycler\NPROTECT\00497806.dll
c:\recycler\NPROTECT\00497808.htm
c:\recycler\NPROTECT\00497809.dll
c:\recycler\NPROTECT\00497810.sig
c:\recycler\NPROTECT\00497811.grd
c:\recycler\NPROTECT\00497812.spm
c:\recycler\NPROTECT\00497813.exe
c:\recycler\NPROTECT\00497814.dll
c:\recycler\NPROTECT\00497815.dll
c:\recycler\NPROTECT\00497817.sig
c:\recycler\NPROTECT\00497818.grd
c:\recycler\NPROTECT\00497819.spm
c:\recycler\NPROTECT\00497820.loc
c:\recycler\NPROTECT\00497821.dll
c:\recycler\NPROTECT\00497822.dll
c:\recycler\NPROTECT\00497823.dll
c:\recycler\NPROTECT\00497824.dll
c:\recycler\NPROTECT\00497825.dat
c:\recycler\NPROTECT\00497826.dll
c:\recycler\NPROTECT\00497827.dll
c:\recycler\NPROTECT\00497828.grd
c:\recycler\NPROTECT\00497829.sig
c:\recycler\NPROTECT\00497830.spm
c:\recycler\NPROTECT\00497831.loc
c:\recycler\NPROTECT\00497832.dll
c:\recycler\NPROTECT\00497833.dll
c:\recycler\NPROTECT\00497834.dll
c:\recycler\NPROTECT\00497835.spm
c:\recycler\NPROTECT\00497836.grd
c:\recycler\NPROTECT\00497837.sig
c:\recycler\NPROTECT\00497838.loc
c:\recycler\NPROTECT\00497839.loc
c:\recycler\NPROTECT\00497840.exe
c:\recycler\NPROTECT\00497841.exe
c:\recycler\NPROTECT\00497842.grd
c:\recycler\NPROTECT\00497843.dll
c:\recycler\NPROTECT\00497844.sig
c:\recycler\NPROTECT\00497845.spm
c:\recycler\NPROTECT\00497846.dll
c:\recycler\NPROTECT\00497847.sig
c:\recycler\NPROTECT\00497848.grd
c:\recycler\NPROTECT\00497849.spm
c:\recycler\NPROTECT\00497850.loc
c:\recycler\NPROTECT\00497851.dll
c:\recycler\NPROTECT\00497852.sig
c:\recycler\NPROTECT\00497853.spm
c:\recycler\NPROTECT\00497854.grd
c:\recycler\NPROTECT\00497855.loc
c:\recycler\NPROTECT\00497856.dll
c:\recycler\NPROTECT\00497857.sig
c:\recycler\NPROTECT\00497858.grd
c:\recycler\NPROTECT\00497859.spm
c:\recycler\NPROTECT\00497860.dll
c:\recycler\NPROTECT\00497861.dll
c:\recycler\NPROTECT\00497862.exe
c:\recycler\NPROTECT\00497863.loc
c:\recycler\NPROTECT\00497864.loc
c:\recycler\NPROTECT\00497865.grd
c:\recycler\NPROTECT\00497866.spm
c:\recycler\NPROTECT\00497868.sig
c:\recycler\NPROTECT\00497869.dll
c:\recycler\NPROTECT\00497870.dll
c:\recycler\NPROTECT\00497871.loc
c:\recycler\NPROTECT\00497872.dll
c:\recycler\NPROTECT\00497873.loc
c:\recycler\NPROTECT\00497874.dll
c:\recycler\NPROTECT\00497875.exe
c:\recycler\NPROTECT\00497876.grd
c:\recycler\NPROTECT\00497877.sig
c:\recycler\NPROTECT\00497878.spm
c:\recycler\NPROTECT\00497879.spm
c:\recycler\NPROTECT\00497880.grd
c:\recycler\NPROTECT\00497881.sig
c:\recycler\NPROTECT\00497882.dll
c:\recycler\NPROTECT\00497883.grd
c:\recycler\NPROTECT\00497884.spm
c:\recycler\NPROTECT\00497885.sig
c:\recycler\NPROTECT\00497886.spm
c:\recycler\NPROTECT\00497887.sig
c:\recycler\NPROTECT\00497888.grd
c:\recycler\NPROTECT\00497889.loc
c:\recycler\NPROTECT\00497891.dll
c:\recycler\NPROTECT\00497892.grd
c:\recycler\NPROTECT\00497893.sig
c:\recycler\NPROTECT\00497894.spm
c:\recycler\NPROTECT\00497895.dll
c:\recycler\NPROTECT\00497896.spm
c:\recycler\NPROTECT\00497897.sig
c:\recycler\NPROTECT\00497898.grd
c:\recycler\NPROTECT\00497899.log
c:\recycler\NPROTECT\00497900.ipi
c:\recycler\NPROTECT\00497901.XML
c:\recycler\NPROTECT\00497903.DAT
c:\recycler\NPROTECT\00497904.DLL
c:\recycler\NPROTECT\00497905.VXD
c:\recycler\NPROTECT\00497906.DLL
c:\recycler\NPROTECT\00497907.SYS
c:\recycler\NPROTECT\00497908.GRD
c:\recycler\NPROTECT\00497909.SIG
c:\recycler\NPROTECT\00497910.SPM
c:\recycler\NPROTECT\00497911.SYS
c:\recycler\NPROTECT\00497912.BIN
c:\recycler\NPROTECT\00497913
c:\recycler\NPROTECT\00497914.EXP
c:\recycler\NPROTECT\00497915.SYS
c:\recycler\NPROTECT\00497916.VXD
c:\recycler\NPROTECT\00497917.DLL
c:\recycler\NPROTECT\00497918.EXP
c:\recycler\NPROTECT\00497919.SYS
c:\recycler\NPROTECT\00497920.VXD
c:\recycler\NPROTECT\00497921.DLL
c:\recycler\NPROTECT\00497922.TXT
c:\recycler\NPROTECT\00497923.DAT
c:\recycler\NPROTECT\00497924.CAT
c:\recycler\NPROTECT\00497925.INF
c:\recycler\NPROTECT\00497926.CAT
c:\recycler\NPROTECT\00497927.INF
c:\recycler\NPROTECT\00497928.DAT
c:\recycler\NPROTECT\00497929.DAT
c:\recycler\NPROTECT\00497930.DAT
c:\recycler\NPROTECT\00497931.DAT
c:\recycler\NPROTECT\00497932.TXT
c:\recycler\NPROTECT\00497933.DAT
c:\recycler\NPROTECT\00497935.DAT
c:\recycler\NPROTECT\00497936.DAT
c:\recycler\NPROTECT\00497937.DAT
c:\recycler\NPROTECT\00497938.GRD
c:\recycler\NPROTECT\00497939.SIG
c:\recycler\NPROTECT\00497940.INF
c:\recycler\NPROTECT\00497941.DAT
c:\recycler\NPROTECT\00497942.DAT
c:\recycler\NPROTECT\00497943.DAT
c:\recycler\NPROTECT\00497944.DAT
c:\recycler\NPROTECT\00497945.DAT
c:\recycler\NPROTECT\00497946.DAT
c:\recycler\NPROTECT\00497947.DAT
c:\recycler\NPROTECT\00497948.DAT
c:\recycler\NPROTECT\00497949.DAT
c:\recycler\NPROTECT\00497951.TXT
c:\recycler\NPROTECT\00497952.DAT
c:\recycler\NPROTECT\00497953.DAT
c:\recycler\NPROTECT\00497954.DLL
c:\recycler\NPROTECT\00497955.VXD
c:\recycler\NPROTECT\00497956.DLL
c:\recycler\NPROTECT\00497957.SYS
c:\recycler\NPROTECT\00497958.GRD
c:\recycler\NPROTECT\00497959.SIG
c:\recycler\NPROTECT\00497960.SPM
c:\recycler\NPROTECT\00497961.SYS
c:\recycler\NPROTECT\00497962.BIN
c:\recycler\NPROTECT\00497963
c:\recycler\NPROTECT\00497964.EXP
c:\recycler\NPROTECT\00497965.SYS
c:\recycler\NPROTECT\00497966.VXD
c:\recycler\NPROTECT\00497967.DLL
c:\recycler\NPROTECT\00497968.EXP
c:\recycler\NPROTECT\00497969.SYS
c:\recycler\NPROTECT\00497970.VXD
c:\recycler\NPROTECT\00497971.DLL
c:\recycler\NPROTECT\00497972.TXT
c:\recycler\NPROTECT\00497973.DAT
c:\recycler\NPROTECT\00497974.CAT
c:\recycler\NPROTECT\00497975.INF
c:\recycler\NPROTECT\00497976.CAT
c:\recycler\NPROTECT\00497977.INF
c:\recycler\NPROTECT\00497978.DAT
c:\recycler\NPROTECT\00497979.DAT
c:\recycler\NPROTECT\00497980.DAT
c:\recycler\NPROTECT\00497981.DAT
c:\recycler\NPROTECT\00497982.TXT
c:\recycler\NPROTECT\00497983.DAT
c:\recycler\NPROTECT\00497985.DAT
c:\recycler\NPROTECT\00497986.DAT
c:\recycler\NPROTECT\00497987.DAT
c:\recycler\NPROTECT\00497988.GRD
c:\recycler\NPROTECT\00497989.SIG
c:\recycler\NPROTECT\00497990.INF
c:\recycler\NPROTECT\00497991.DAT
c:\recycler\NPROTECT\00497992.DAT
c:\recycler\NPROTECT\00497993.DAT
c:\recycler\NPROTECT\00497994.DAT
c:\recycler\NPROTECT\00497995.DAT
c:\recycler\NPROTECT\00497996.DAT
c:\recycler\NPROTECT\00497997.DAT
c:\recycler\NPROTECT\00497998.DAT
c:\recycler\NPROTECT\00497999.DAT
c:\recycler\NPROTECT\00498001.TXT
c:\recycler\NPROTECT\00498002.DAT
c:\recycler\NPROTECT\00498003.DAT
c:\recycler\NPROTECT\00498004.DLL
c:\recycler\NPROTECT\00498005.VXD
c:\recycler\NPROTECT\00498006.DLL
c:\recycler\NPROTECT\00498007.SYS
c:\recycler\NPROTECT\00498008.GRD
c:\recycler\NPROTECT\00498009.SIG
c:\recycler\NPROTECT\00498010.SPM
c:\recycler\NPROTECT\00498011.SYS
c:\recycler\NPROTECT\00498012.BIN
c:\recycler\NPROTECT\00498013
c:\recycler\NPROTECT\00498014.EXP
c:\recycler\NPROTECT\00498015.SYS
c:\recycler\NPROTECT\00498016.VXD
c:\recycler\NPROTECT\00498017.DLL
c:\recycler\NPROTECT\00498018.EXP
c:\recycler\NPROTECT\00498019.SYS
c:\recycler\NPROTECT\00498020.VXD
c:\recycler\NPROTECT\00498021.DLL
c:\recycler\NPROTECT\00498022.TXT
c:\recycler\NPROTECT\00498023.DAT
c:\recycler\NPROTECT\00498024.CAT
c:\recycler\NPROTECT\00498025.INF
c:\recycler\NPROTECT\00498026.CAT
c:\recycler\NPROTECT\00498027.INF
c:\recycler\NPROTECT\00498028.DAT
c:\recycler\NPROTECT\00498029.DAT
c:\recycler\NPROTECT\00498030.DAT
c:\recycler\NPROTECT\00498031.DAT
c:\recycler\NPROTECT\00498032.TXT
c:\recycler\NPROTECT\00498033.DAT
c:\recycler\NPROTECT\00498035.DAT
c:\recycler\NPROTECT\00498036.DAT
c:\recycler\NPROTECT\00498037.DAT
c:\recycler\NPROTECT\00498038.GRD
c:\recycler\NPROTECT\00498039.SIG
c:\recycler\NPROTECT\00498040.INF
c:\recycler\NPROTECT\00498041.DAT
c:\recycler\NPROTECT\00498042.DAT
c:\recycler\NPROTECT\00498043.DAT
c:\recycler\NPROTECT\00498044.DAT
c:\recycler\NPROTECT\00498045.DAT
c:\recycler\NPROTECT\00498046.DAT
c:\recycler\NPROTECT\00498047.DAT
c:\recycler\NPROTECT\00498048.DAT
c:\recycler\NPROTECT\00498049.DAT
c:\recycler\NPROTECT\00498051.TXT
c:\recycler\NPROTECT\00498052.DAT
c:\recycler\NPROTECT\00498054.dat
c:\recycler\NPROTECT\00498055.dll
c:\recycler\NPROTECT\00498056.dll
c:\recycler\NPROTECT\00498057.sys
c:\recycler\NPROTECT\00498058.grd
c:\recycler\NPROTECT\00498059.sig
c:\recycler\NPROTECT\00498060.spm
c:\recycler\NPROTECT\00498061.sys
c:\recycler\NPROTECT\00498062.bin
c:\recycler\NPROTECT\00498063
c:\recycler\NPROTECT\00498064.sys
c:\recycler\NPROTECT\00498065.dll
c:\recycler\NPROTECT\00498066.sys
c:\recycler\NPROTECT\00498067.dll
c:\recycler\NPROTECT\00498068.txt
c:\recycler\NPROTECT\00498069.dat
c:\recycler\NPROTECT\00498070.cat
c:\recycler\NPROTECT\00498071.inf
c:\recycler\NPROTECT\00498072.cat
c:\recycler\NPROTECT\00498073.inf
c:\recycler\NPROTECT\00498074.dat
c:\recycler\NPROTECT\00498075.dat
c:\recycler\NPROTECT\00498076.dat
c:\recycler\NPROTECT\00498077.dat
c:\recycler\NPROTECT\00498078.txt
c:\recycler\NPROTECT\00498079.dat
c:\recycler\NPROTECT\00498081.dat
c:\recycler\NPROTECT\00498082.dat
c:\recycler\NPROTECT\00498083.dat
c:\recycler\NPROTECT\00498084.grd
c:\recycler\NPROTECT\00498085.sig
c:\recycler\NPROTECT\00498086.inf
c:\recycler\NPROTECT\00498087.dat
c:\recycler\NPROTECT\00498088.dat
c:\recycler\NPROTECT\00498089.dat
c:\recycler\NPROTECT\00498090.dat
c:\recycler\NPROTECT\00498091.dat
c:\recycler\NPROTECT\00498092.dat
c:\recycler\NPROTECT\00498093.dat
c:\recycler\NPROTECT\00498094.dat
c:\recycler\NPROTECT\00498095.dat
c:\recycler\NPROTECT\00498096.txt
c:\recycler\NPROTECT\00498097.dat
c:\recycler\NPROTECT\00498099.grd
c:\recycler\NPROTECT\00498100.sig
c:\recycler\NPROTECT\00498101.spm
c:\recycler\NPROTECT\00498103
c:\recycler\NPROTECT\00498104.sys
c:\recycler\NPROTECT\00498106.rbf
c:\recycler\NPROTECT\00498107.rbf
c:\recycler\NPROTECT\00498108.rbf
c:\recycler\NPROTECT\00498109.rbf
c:\recycler\NPROTECT\00498110.rbf
c:\recycler\NPROTECT\00498111.rbf
c:\recycler\NPROTECT\00498112.rbf
c:\recycler\NPROTECT\00498113.rbf
c:\recycler\NPROTECT\00498114.rbf
c:\recycler\NPROTECT\00498115.rbf
c:\recycler\NPROTECT\00498116.rbf
c:\recycler\NPROTECT\00498117.rbf
c:\recycler\NPROTECT\00498118.rbf
c:\recycler\NPROTECT\00498119.rbf
c:\recycler\NPROTECT\00498120.rbf
c:\recycler\NPROTECT\00498121.rbs
c:\recycler\NPROTECT\00498122.ipi
c:\recycler\NPROTECT\00498123.msi
c:\recycler\NPROTECT\00498124.rbf
c:\recycler\NPROTECT\00498125.rbf
c:\recycler\NPROTECT\00498126.rbf
c:\recycler\NPROTECT\00498127.rbf
c:\recycler\NPROTECT\00498128.rbf
c:\recycler\NPROTECT\00498129.rbf
c:\recycler\NPROTECT\00498130.rbf
c:\recycler\NPROTECT\00498131.rbs
c:\recycler\NPROTECT\00498132.ipi
c:\recycler\NPROTECT\00498133.msi
c:\recycler\NPROTECT\00498134.sys
c:\recycler\NPROTECT\00498135.CAT
c:\recycler\NPROTECT\00498136.PNF
c:\recycler\NPROTECT\00498137.INF
c:\recycler\NPROTECT\00498138.CAT
c:\recycler\NPROTECT\00498139.PNF
c:\recycler\NPROTECT\00498140.INF
c:\recycler\NPROTECT\00498141.1
c:\recycler\NPROTECT\00498142.XML
c:\recycler\NPROTECT\00498143.Dat
c:\recycler\NPROTECT\00498144.rul
c:\recycler\NPROTECT\00498147.DAT
c:\recycler\NPROTECT\00498148.log
c:\recycler\NPROTECT\00498149.log
c:\recycler\NPROTECT\00498151.log
c:\recycler\NPROTECT\00498152.log
c:\recycler\NPROTECT\00498153.log
c:\recycler\NPROTECT\00498154.rbf
c:\recycler\NPROTECT\00498155.rbf
c:\recycler\NPROTECT\00498156.rbf
c:\recycler\NPROTECT\00498157.rbf
c:\recycler\NPROTECT\00498158.rbf
c:\recycler\NPROTECT\00498159.rbf
c:\recycler\NPROTECT\00498160.rbf
c:\recycler\NPROTECT\00498161.rbf
c:\recycler\NPROTECT\00498162.rbf
c:\recycler\NPROTECT\00498163.rbf
c:\recycler\NPROTECT\00498164.rbf
c:\recycler\NPROTECT\00498165.rbf
c:\recycler\NPROTECT\00498166.rbf
c:\recycler\NPROTECT\00498167.rbf
c:\recycler\NPROTECT\00498168.rbf
c:\recycler\NPROTECT\00498169.rbf
c:\recycler\NPROTECT\00498170.rbf
c:\recycler\NPROTECT\00498171.rbf
c:\recycler\NPROTECT\00498172.rbf
c:\recycler\NPROTECT\00498173.rbf
c:\recycler\NPROTECT\00498174.rbf
c:\recycler\NPROTECT\00498175.rbf
c:\recycler\NPROTECT\00498176.rbf
c:\recycler\NPROTECT\00498177.rbs
c:\recycler\NPROTECT\00498178.ipi
c:\recycler\NPROTECT\00498179.msi
c:\recycler\NPROTECT\00498181.rbf
c:\recycler\NPROTECT\00498182.rbf
c:\recycler\NPROTECT\00498183.rbf
c:\recycler\NPROTECT\00498184.rbf
c:\recycler\NPROTECT\00498185.rbf
c:\recycler\NPROTECT\00498186.rbf
c:\recycler\NPROTECT\00498187.rbf
c:\recycler\NPROTECT\00498188.rbf
c:\recycler\NPROTECT\00498189.rbf
c:\recycler\NPROTECT\00498190.rbf
c:\recycler\NPROTECT\00498191.rbf
c:\recycler\NPROTECT\00498192.rbf
c:\recycler\NPROTECT\00498193.rbf
c:\recycler\NPROTECT\00498194.rbf
c:\recycler\NPROTECT\00498195.rbf
c:\recycler\NPROTECT\00498196.rbf
c:\recycler\NPROTECT\00498197.rbf
c:\recycler\NPROTECT\00498198.rbf
c:\recycler\NPROTECT\00498199.rbf
c:\recycler\NPROTECT\00498200.rbf
c:\recycler\NPROTECT\00498201.rbf
c:\recycler\NPROTECT\00498202.rbf
c:\recycler\NPROTECT\00498203.rbf
c:\recycler\NPROTECT\00498204.rbf
c:\recycler\NPROTECT\00498205.rbf
c:\recycler\NPROTECT\00498206.rbf
c:\recycler\NPROTECT\00498207.rbf
c:\recycler\NPROTECT\00498208.rbf
c:\recycler\NPROTECT\00498209.rbf
c:\recycler\NPROTECT\00498210.rbf
c:\recycler\NPROTECT\00498212.rbf
c:\recycler\NPROTECT\00498213.rbf
c:\recycler\NPROTECT\00498214.rbf
c:\recycler\NPROTECT\00498215.rbf
c:\recycler\NPROTECT\00498216.rbf
c:\recycler\NPROTECT\00498217.rbf
c:\recycler\NPROTECT\00498218.rbf
c:\recycler\NPROTECT\00498219.rbf
c:\recycler\NPROTECT\00498220.rbf
c:\recycler\NPROTECT\00498221.rbf
c:\recycler\NPROTECT\00498222.rbf
c:\recycler\NPROTECT\00498223.rbf
c:\recycler\NPROTECT\00498224.rbf
c:\recycler\NPROTECT\00498225.rbf
c:\recycler\NPROTECT\00498226.rbf
c:\recycler\NPROTECT\00498227.rbs
c:\recycler\NPROTECT\00498228.ipi
c:\recycler\NPROTECT\00498229.msi
c:\recycler\NPROTECT\00498230.rbf
c:\recycler\NPROTECT\00498231.rbf
c:\recycler\NPROTECT\00498232.rbf
c:\recycler\NPROTECT\00498233.rbf
c:\recycler\NPROTECT\00498234.rbf
c:\recycler\NPROTECT\00498235.rbf
c:\recycler\NPROTECT\00498236.rbf
c:\recycler\NPROTECT\00498237.rbf
c:\recycler\NPROTECT\00498238.rbf
c:\recycler\NPROTECT\00498239.rbf
c:\recycler\NPROTECT\00498240.rbf
c:\recycler\NPROTECT\00498241.rbf
c:\recycler\NPROTECT\00498242.rbs
c:\recycler\NPROTECT\00498243.ipi
c:\recycler\NPROTECT\00498244.msi
c:\recycler\NPROTECT\00498245.XML
c:\recycler\NPROTECT\00498246.rbf
c:\recycler\NPROTECT\00498247.rbf
c:\recycler\NPROTECT\00498248.rbf
c:\recycler\NPROTECT\00498249.rbf
c:\recycler\NPROTECT\00498250.rbf
c:\recycler\NPROTECT\00498251.rbf
c:\recycler\NPROTECT\00498252.rbf
c:\recycler\NPROTECT\00498253.rbf
c:\recycler\NPROTECT\00498254.rbf
c:\recycler\NPROTECT\00498255.rbf
c:\recycler\NPROTECT\00498256.rbf
c:\recycler\NPROTECT\00498257.rbf
c:\recycler\NPROTECT\00498258.rbf
c:\recycler\NPROTECT\00498259.rbf
c:\recycler\NPROTECT\00498260.rbf
c:\recycler\NPROTECT\00498261.rbf
c:\recycler\NPROTECT\00498262.rbf
c:\recycler\NPROTECT\00498263.rbf
c:\recycler\NPROTECT\00498264.rbf
c:\recycler\NPROTECT\00498265.rbf
c:\recycler\NPROTECT\00498266.rbf
c:\recycler\NPROTECT\00498267.rbf
c:\recycler\NPROTECT\00498268.rbf
c:\recycler\NPROTECT\00498269.rbf
c:\recycler\NPROTECT\00498270.rbf
c:\recycler\NPROTECT\00498271.rbf
c:\recycler\NPROTECT\00498272.rbf
c:\recycler\NPROTECT\00498273.rbf
c:\recycler\NPROTECT\00498274.rbs
c:\recycler\NPROTECT\00498275.ipi
c:\recycler\NPROTECT\00498276.msi
c:\recycler\NPROTECT\00498277.DLL
c:\recycler\NPROTECT\00498278.DLL
c:\recycler\NPROTECT\00498279.SYS
c:\recycler\NPROTECT\00498280.SYS
c:\recycler\NPROTECT\00498281.SPM
c:\recycler\NPROTECT\00498282.GRD
c:\recycler\NPROTECT\00498283.SIG
c:\recycler\NPROTECT\00498284.INF
c:\recycler\NPROTECT\00498285.CAT
c:\recycler\NPROTECT\00498286.INF
c:\recycler\NPROTECT\00498287.CAT
c:\recycler\NPROTECT\00498288.EXE
c:\recycler\NPROTECT\00498294.XML
c:\recycler\NPROTECT\00498297.XML
c:\recycler\NPROTECT\00498300.XML
c:\recycler\NPROTECT\00498302.XML
c:\recycler\NPROTECT\00498304.edb
Here is the second part of the combo fix log:
c:\windows\patch.exe
c:\windows\system32\drivers\iqlyslad.sys
c:\windows\system32\drivers\oprybgvb.sys
c:\windows\system32\dxqyuods.dll
c:\windows\system32\eaglgdq.dll
c:\windows\system32\ngpcyye.dll
c:\windows\Tasks\At1.job
h:\recycler\NPROTECT\00642359.exe
h:\recycler\NPROTECT\00642360._P
h:\recycler\NPROTECT\00642361.exe
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
h:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
i:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IQLYSLAD
-------\Legacy_UKAGZKRH
-------\Service_iqlyslad
-------\Service_ukagzkrh
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-18 18:36 . 2009-05-18 18:36 -------- d-----w c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-05-16 23:22 . 2009-05-16 23:22 -------- d-----w c:\program files\Trend Micro
2009-05-16 23:19 . 2009-05-16 23:19 -------- d-----w c:\program files\ERUNT
2009-05-15 11:22 . 2009-05-15 11:22 -------- d-----w c:\documents and settings\Moseley\Application Data\wuqyvfax
2009-05-15 11:22 . 2009-05-15 11:22 -------- d-----w c:\documents and settings\Moseley\Local Settings\Application Data\wuqyvfax
2009-05-15 11:16 . 2009-05-15 11:16 -------- d-----w c:\documents and settings\NetworkService\Application Data\wuqyvfax
2009-05-15 11:16 . 2009-05-15 11:16 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\wuqyvfax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 18:45 . 2004-12-30 04:46 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 18:45 . 2004-12-30 04:46 -------- d-----w c:\program files\Norton AntiVirus
2009-05-18 18:36 . 2004-12-30 04:45 -------- d-----w c:\program files\Symantec
2009-05-10 17:46 . 2005-01-30 03:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:22 . 2002-09-03 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-24 03:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2005-07-26 20:10 . 2005-08-25 20:09 550419 ----a-w c:\program files\Pocket Mechanic.2577.CAB
2005-07-26 20:10 . 2005-08-25 20:09 215 ----a-w c:\program files\Pocket Mechanic.INI
2003-10-17 21:54 . 2005-08-25 20:09 1078 ----a-w c:\program files\Pocket Mechanic.ico
2003-07-25 23:49 . 2003-07-22 22:40 2037796 ----a-w c:\program files\SPR10.exe
2001-09-29 00:00 . 2005-08-25 20:09 164864 ----a-w c:\program files\UNWISE.EXE
2006-05-03 10:06 . 2007-03-17 23:41 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2007-03-17 23:41 31744 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"Print Screen Deluxe"="c:\program files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe" [2007-03-26 1863680]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-08 118784]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-31 98304]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 451896]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 451896]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-07-18 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-07-18 55824]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-3-29 528384]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote.lnk
backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Moseley^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Moseley\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Moseley^Start Menu^Programs^Startup^Konfabulator.lnk]
path=c:\documents and settings\Moseley\Start Menu\Programs\Startup\Konfabulator.lnk
backup=c:\windows\pss\Konfabulator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [4/26/2005 6:15 PM 19507]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [4/26/2005 6:15 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [4/26/2005 6:15 PM 423454]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [12/29/2004 9:47 PM 135168]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [12/29/2004 9:58 PM 14095]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [4/26/2005 6:15 PM 64964]
S3 AvcPWilo;Adaptec Willow PCI;c:\windows\system32\drivers\avcpwilo.sys [2/26/2005 2:01 PM 722144]
S3 Phal;Phal - Logitech io2 USB driver;c:\windows\system32\Drivers\LPhalUsb.sys --> c:\windows\system32\Drivers\LPhalUsb.sys [?]
S4 Mrcdseac;Mrcdseac;c:\windows\system32\calc.exe [12/29/2004 5:46 PM 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-20 18:44]
.
- - - - ORPHANS REMOVED - - - -
BHO-{018C1171-3234-4371-A179-3EE4428F4BA0} - c:\windows\system32\dxqyuods.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} - hxxp://67.116.64.98/XHD.cab
DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} - hxxp://67.116.64.98/RM.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 13:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-842925246-1532298954-682003330-1004\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:a7,7c,01,85,39,ec,1c,83,1a,18,19,c5,13,29,f8,08,0a,af,6b,07,
bc,5d,01,e2,95,fa,fb,85,a3,c6,3a,fa,cf,d0,46,31,c1,27,c6,e4,19,89,a6,ba,a7,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\�:õwjY�*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6143"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2196)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-05-18 13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 20:16
Pre-Run: 18,982,465,536 bytes free
Post-Run: 22,192,738,304 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
1625 --- E O F --- 2009-05-13 17:03
Here is the new Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:25 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Print Screen Deluxe] "C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe" /m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://67.116.64.98/XHD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104379075846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129606054218
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://67.116.64.98/RM.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11738 bytes
Many thanks for your help. Here is the uninstall log:
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.5
Adobe Reader for Pocket PC 2.0
Adobe® Photoshop® Album Starter Edition 3.0
Age of Empires Gold Edition for Pocket PC
Agenda Fusion for Pocket PC
AI RoboForm (All Users)
Allway Sync version 5.0.10
Application Suite
Application Suite
Application Suite
ArcSoft ShowBiz
Art of Positions 2.0.5
ATI Control Panel
ATI Display Driver
AviSynth 2.5
Beiks Bouvier's Legal Dictionary WCE
BEIKS English Dictionary Pro WCE
BT headset fix
BT PhoneManager LiveUpdate
Burr Oak Software Conversions In Hand
Burr Oak Software pTravelAlarm
Burr Oak Software WakeupTweak
Cambridge Dictionary of American English
Canon EOS 20D WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Cat Breeds - Illustrated reference 1.0
CC_ccStart
Chix
Concise Oxford English Dictionary
Concise Oxford Thesaurus
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Construction Master Pro for Pocket PC
CopyText Pro Installer
Crazy Ball 3D Full Version
Critical Update for Windows Media Player 11 (KB959772)
Dartz
Date-a-Babe
Dell Driver Reset Tool
Dell ResourceCD
DesignCAD 3D Max 16
DesignCAD 3D Max 17.0
Developer One Agenda Fusion
Developer One Agenda One Theme Builder 1.0.1.16
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dominoes for Pocket PC
DVD X Copy Platinum RF 4.0.4
DVD X Rescue
EasyTweak Pocket PC Edition
EasyTweak2
ED
Efficasoft GPS Utilities for Pocket PC v1.2
EMS
Emu48CE 1.23
ER Suite for Windows Mobile
er100LT
ERUNT 1.1j
eV41 0.93
EverQuest® for the Pocket PC
EZ Macros
Felix the Cat
Fifty Castles
First Step Guide
FLV Player 1.3.3
Fun2Link for Pocket PC
Games
Gangsta Race for PocketPC version 1.1
GdiplusUpgrade
Gilbert Goodmate PDA
Google Desktop
Google Earth
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GPSdash2 (remove only)
Handmark® BATTLESHIP® for Pocket PC
Handmark® Oxford American Desk Dictionary and Thesaurus for Pocket PC
Handy Entertainment Riverland Screensaver
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Image Zone 4.2
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP PSC & OfficeJet 4.2
HP Software Update
HP Solution Center 7.0
HP Update
ImageMixer EasyStepDVD
Intel(R) PRO Ethernet Adapter and Software
Intellisync Lite
iPAQ WebReg
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
King Sol Solitaire 2004 for PocketPC
LearnWords
Leonard Maltin Guide 2006 for Pocket PC
Lexi-Comp Interact Reader (remove only)
Lexi-Comp Lexi-Drugs Platinum (Essential) (remove only)
Lexi-Comp Lexi-Interact Database (remove only)
Lexi-Comp Reader (remove only)
Lexipedia
Lextionary
LingvoSoft Talking Dictionary 2006 (English<->Chinese (Simplified)) for Pocket PC
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lizardtech DjVu Control (autoinstall)
Logitech Harmony Remote Client
Logitech MouseWare 9.79.1
Logitech SetPoint
Logitech SetPoint 5.00
Macromedia Flash Player
Madden NFL 2005
Madden2006
MapAsia
MASPware GPSmeter
Mastersoft Mobile Solutions SuDoku
Mathcad 13
Maxtor OneTouch
MDict
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Arcade PocketPak
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Freecell for Pocket PC (Remove Only)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Reader for Pocket PC
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MIMS NZ Interact on PDA for Pocket PC
Miniature Golf
MPM
MSDict Professional English Dictionary Bundle
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Mummy Maze for Pocket PC
Musicmatch® Jukebox
NetFront v3.3 for Pocket PC (PPC3ARENR106JV)
Network Magic
NR Deluxe
OCR Software by I.R.I.S 7.0
OctoPuzzle
OctoPuzzle Deluxe
OLYMPUS CAMEDIA Master 4.3
Oscilloscope
overland
Oxford Dictionary of Business
Oxford Dictionary of Idioms
Patiences
PDAwin Globe
PDAwin Globe map B
PDAwin TV remote controller
PHM Registry Editor
Picture Package
Pocket Earth
Pocket Hack Master v4.11.029 WM5
Pocket Mechanic v1.60
Pocket Mechanic v2.17.153 (WM2003)
Pocket World Info
PocketLingo 2.0
PocketSnow
PontiSoft Sniffi v2.05 - SyMBiAN
PortaPlus PrivateNotes 4.1
Previsionary, Inc. Typango 3.0
Print Screen Deluxe
PVG Classic Arcade Invaders
QuickTime
Rapture's King Sol for PocketPC (ARM)
Resco Explorer
Resco Sokoban
Retrospect 6.0
Runtime Files
Safe Cracker v0.9.96
SafeCast Shared Components
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Simbsoft MouseMaze 1.2
SketchArtist (remove only)
SketchUp 5
Socket Wi-Fi® Companion Software
Socket Wi-Fi® Companion Software for Windows Mobile 2003
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony DVD Handycam USB Driver 2
SpaceTime
SpaceTime 2.0
Spb Full Screen Keyboard
Sprite Backup
Sprite Clone
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StoneShift
Stripteaser
SUPER © Version 2007.bld.22 (Mar 14, 2007)
Super Slyder for Pocket PC
SurveyArea
Symantec KB-DocID:2003093015493306
TeleType GPS Pro
TenGO
The Rosetta Stone
Toki Tori
TomeRaider3
Total Remote
TrakPal
TrakPal PDA
Tweaks2k2 .NET PC Edition 1.5.0.0
Ultimate Advantage for Pocket PCs
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (MXO)
VERITAS RecordNow
VersaCheck 2005 Gold
VITO Remote
WinAce Archiver
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Wine Enthusiast Guide 2005 for Pocket PC
WinMobileLens
WinZip
WOPR 2000
WorldMate® Pro for Pocket PC
Yahoo! Toolbar
ZAGAT TO GO for Pocket PC
ZAGAT TO GO v5.0.14
ZIOGolf 2 for Pocket PC
pskelley
2009-05-18, 23:17
Appears you changed System Configuration Utility (MSConfig)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
to Selective Startup in the second log? Please return to Normal Startup and then post a new HJT log. Stay in Normal Startup until we finish working together.
http://www.bleepingcomputer.com/startups/NPROTECT.EXE-17556.html <<< see this
Appears you were storing a load of malware in c:\recycler\NPROTECT
and combofix can not access this junk:
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
h:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
i:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
They might be safe logs, I do not use Symantec/Norton? If you wish to know, contact tech support.
http://www.symantec.com/enterprise/support/index.jsp
The NPROTECT program may not let them be deleted, and they might not have to be, but I have no way of knowing.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Flash Player 10 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Adobe Reader 7.0.5 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
both are VERY old and out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
http://raproducts.org/ <<< you may need this tool to uninstall these old versions.
Spybot - Search & Destroy 1.4 <<< uninstall this old version
Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html
PSI said I should update 3 programs. I hope I have done what you requested. There is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:42 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Print Screen Deluxe] "C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe" /m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://67.116.64.98/XHD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104379075846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129606054218
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://67.116.64.98/RM.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11866 bytes
pskelley
2009-05-19, 11:06
This HJT log appears clean to me, you may return to Selective Startup (MSConfig) to save your resources.
PSI said I should update 3 programs
I can't remember if PSI sees old Spybot S&D programs, make sure you followed the directions I posted for Spybot. Let's clean and do another check for Virtumonde.
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
How is the computer running, any malware issues?
Thanks...Phil
Thanks very much for your help. I am currently running Malwarebyte and I will post the log soon.
(1) I ran Spybot 1.6.2 and this time it did not find any evidence of Virtumonde.
(2) Sometimes when I do a web page search I get several warnings about a file named "Windows\system32\ngpcyye.dll". A Google search does not turn up any mention of that file. The file was NOT in my computer on May 2, 2009 when I made a copy of my C drive using Maxtor Backup. No new programs had been loaded onto this computer by me when I started getting the warnings.
Do you have any information on "ngpcyye.dll"?
Thanks
pskelley
2009-05-20, 17:59
Do you have any information on "ngpcyye.dll"?
Not really, Google finds nothing so we call it a random named trojan. Once you complete the instructions you are working on, make sure you are seeing all files and folders:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp
Then use Search Companion: Start > Search > All Files and Folders
to see if that finds the location of that file. Be patient, lots of files to look through.
Take a look at this folder to see what it is:
c:\documents and settings\NetworkService\Local Settings\Application Data\wuqyvfax <<< here
Perhaps updated MBAM will find the junk, let's see how it goes.
Thanks
The Malwarebyte scan just finished. I'll move on to your next instructions now:
Malwarebytes' Anti-Malware 1.36
Database version: 2157
Windows 5.1.2600 Service Pack 3
5/20/2009 4:40:51 PM
mbam-log-2009-05-20 (16-40-51).txt
Scan type: Full Scan (C:\|H:\|I:\|)
Objects scanned: 698720
Time elapsed: 8 hour(s), 5 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
The search turned up three files "ngpcyye.xxx" all of which had been moved to "C:\QooBox\quarantine\system32".
I still need to update the programs you discused in post #7, several other programs and re-install Norton AV.
Then I'll see if I'm back to a good running machine.
Many thanks for your help.
I'll get back with you wih the results.
pskelley
2009-05-21, 11:47
Thanks for the feedback, we will try to wrap up like this.
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
(you may make this scan option if you wish, since you just ran it)
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)
Update Norton AntiVirus and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.
http://www.symantec.com/enterprise/support/index.jsp
If all is well at this point, let me know and I will close the topic.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx