Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 3:22 am

Hello,

I've been infected with this fun little virus. I have downloaded the Malwarebytes software (from another PC, as it redirects me to its special page on the infected PC) and installed it. It seemed like it was going to scan, then was disrupted by the Antivirus Pro. I have tried the "hijack this" utility to create a log file, but when I run it, it has a splash screen for 1-2 seconds & disappears. Not sure what to try next. Any help would be much appreciated.

Thanks!

Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 3:26 am

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Dr. Jay (DJ)


Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 3:33 am

I just tried that and when I click on smitfraudfix, I get a small "DOS-type" splash screen that comes up with "c:\windows\system32\cmd.exe" as the header, but it goes away immediately.

Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 3:39 am

Please download ComboFix.

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 3:49 am

OK, I got combofix started & everything looked to be going well, but it stopped me and told me to close my Kaspersky anti-virus. I would, but it is not active on the task-bar & it is nowhere to be seen in the task manager. Is there another (hidden?) place to disable it so I can continue with the combofix? Thanks!

Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 4:17 am

ComboFix will probably disable it for you. Go ahead.


Dr. Jay (DJ)


Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 4:59 am

It keeps telling me "the posted message is too big" when I try to insert the contents of the log file, so I'll put them in a few different posts, beginning here:

ComboFix 09-10-30.01 - Steve 11/01/2009 23:29.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.717 [GMT -5:00]
Running from: c:\documents and settings\Steve\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Images
c:\program files\gihogn
c:\program files\gihogn\fhicsysguard.exe
c:\program files\wxwrmo
c:\program files\wxwrmo\eefdsysguard.exe
c:\recycler\NPROTECT
c:\windows\system32\lowsec
c:\docume~1\Steve\LOCALS~1\Temp\svchost.exe
c:\docume~1\Steve\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\Microsoft\Media\WPTEct.dll
c:\documents and settings\Steve\Application Data\inst.exe
c:\documents and settings\Steve\ntuser.dll
c:\documents and settings\Steve\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Steve\Start Menu\Programs\Startup\scandisk.lnk
C:\ntldrs
c:\recycler\NPROTECT\00003225.dat
c:\recycler\NPROTECT\00003232.ecf
c:\recycler\NPROTECT\00003234.RPT
c:\recycler\NPROTECT\00003259.DB-
c:\recycler\NPROTECT\00003260.DB-
c:\recycler\NPROTECT\00003262.DB-
c:\recycler\NPROTECT\00003267.ecf
c:\recycler\NPROTECT\00003274.edb
c:\recycler\NPROTECT\00003336.DIC
c:\recycler\NPROTECT\00003342.XML
c:\recycler\NPROTECT\00003345.PLK
c:\recycler\NPROTECT\00003348.RPT
c:\recycler\NPROTECT\00003349.RPT
c:\recycler\NPROTECT\00003350.xml
c:\recycler\NPROTECT\00003351.RPT
c:\recycler\NPROTECT\00003352.RPT
c:\recycler\NPROTECT\00003353.RPT
c:\recycler\NPROTECT\00003355.LNK
c:\recycler\NPROTECT\00003356.LNK
c:\recycler\NPROTECT\00003357.LNK
c:\recycler\NPROTECT\00003358.LNK
c:\recycler\NPROTECT\00003359.XML
c:\recycler\NPROTECT\00003360.KLZ
c:\recycler\NPROTECT\00003361.XML
c:\recycler\NPROTECT\00003362.XML
c:\recycler\NPROTECT\00003363.LNK
c:\recycler\NPROTECT\00003364.LNK
c:\recycler\NPROTECT\00003365.LNK
c:\recycler\NPROTECT\00003366.LNK
c:\recycler\NPROTECT\00003383.LNK
c:\recycler\NPROTECT\00003384.LNK
c:\recycler\NPROTECT\00003389.DOC
c:\recycler\NPROTECT\00003391._PD
c:\recycler\NPROTECT\00003392.DIF
c:\recycler\NPROTECT\00003394.-DN
c:\recycler\NPROTECT\00003395.DIF
c:\recycler\NPROTECT\00003396.DIF
c:\recycler\NPROTECT\00003397.GWA
c:\recycler\NPROTECT\00003398.LKM
c:\recycler\NPROTECT\00003399.WW_
c:\recycler\NPROTECT\00003400.1PK
c:\recycler\NPROTECT\00003401.T1M
c:\recycler\NPROTECT\00003402.BYR
c:\recycler\NPROTECT\00003403.KT9
c:\recycler\NPROTECT\00003404.LF-
c:\recycler\NPROTECT\00003405.7MR
c:\recycler\NPROTECT\00003406.3LZ
c:\recycler\NPROTECT\00003407.DIF
c:\recycler\NPROTECT\00003408.ini
c:\recycler\NPROTECT\00003409.ini
c:\recycler\NPROTECT\00003410.gsg
c:\recycler\NPROTECT\00003411.KRG
c:\recycler\NPROTECT\00003412.XML
c:\recycler\NPROTECT\00003413.KRG
c:\recycler\NPROTECT\00003414.stt
c:\recycler\NPROTECT\00003415.krg
c:\recycler\NPROTECT\00003416.stt
c:\recycler\NPROTECT\00003417.dat
c:\recycler\NPROTECT\00003418.XML
c:\recycler\NPROTECT\00003420.xml
c:\recycler\NPROTECT\00003421.xml
c:\recycler\NPROTECT\00003422.XML
c:\recycler\NPROTECT\00003423.stt
c:\recycler\NPROTECT\00003425.XML
c:\recycler\NPROTECT\00003426.stt
c:\recycler\NPROTECT\00003427.dat
c:\recycler\NPROTECT\00003428.XML
c:\recycler\NPROTECT\00003429.gsg
c:\recycler\NPROTECT\00003430.XML
c:\recycler\NPROTECT\00003431.avc
c:\recycler\NPROTECT\00003432.avc
c:\recycler\NPROTECT\00003433.avc
c:\recycler\NPROTECT\00003434.avc
c:\recycler\NPROTECT\00003435.avc
c:\recycler\NPROTECT\00003436.avc
c:\recycler\NPROTECT\00003437.avc
c:\recycler\NPROTECT\00003438.avc
c:\recycler\NPROTECT\00003439.avc
c:\recycler\NPROTECT\00003440.set
c:\recycler\NPROTECT\00003442.krg
c:\recycler\NPROTECT\00003443.KRG
c:\recycler\NPROTECT\00003444.KRG
c:\recycler\NPROTECT\00003445.KRG
c:\recycler\NPROTECT\00003447.XML
c:\recycler\NPROTECT\00003450.LOG
c:\recycler\NPROTECT\00003451.log
c:\recycler\NPROTECT\00003452.log
c:\recycler\NPROTECT\00003453.log
c:\recycler\NPROTECT\00003459.LNK
c:\recycler\NPROTECT\00003460.dat
c:\recycler\NPROTECT\00003461.LNK
c:\recycler\NPROTECT\00003465.log
c:\recycler\NPROTECT\00003466.log
c:\recycler\NPROTECT\00003467.log
c:\recycler\NPROTECT\00003468.log
c:\recycler\NPROTECT\00003469.log
c:\recycler\NPROTECT\00003494.XML
c:\recycler\NPROTECT\00003495.XML
c:\recycler\NPROTECT\00003496.XML
c:\recycler\NPROTECT\00003497.rbf
c:\recycler\NPROTECT\00003498.rbf
c:\recycler\NPROTECT\00003499.rbf
c:\recycler\NPROTECT\00003500.rbf
c:\recycler\NPROTECT\00003501.rbf
c:\recycler\NPROTECT\00003502.rbf
c:\recycler\NPROTECT\00003503.rbs
c:\recycler\NPROTECT\00003504.ipi
c:\recycler\NPROTECT\00003524.dat
c:\recycler\NPROTECT\00003526.DIC
c:\recycler\NPROTECT\00003527.LNK
c:\recycler\NPROTECT\00003528.LNK
c:\recycler\NPROTECT\00003529.LNK
c:\recycler\NPROTECT\00003530.LNK
c:\recycler\NPROTECT\00003531.LNK
c:\recycler\NPROTECT\00003532.LNK
c:\recycler\NPROTECT\00003536.DOC
c:\recycler\NPROTECT\00003636.ini
c:\recycler\NPROTECT\00003637.ini
c:\recycler\NPROTECT\00003638.dat
c:\recycler\NPROTECT\00003641.log
c:\recycler\NPROTECT\00003644.XML
c:\recycler\NPROTECT\00003646.ini
c:\recycler\NPROTECT\00003647.ini
c:\recycler\NPROTECT\00003648.dat
c:\recycler\NPROTECT\00003649.dat
c:\recycler\NPROTECT\00003651.LNK
c:\recycler\NPROTECT\00003652.dat
c:\recycler\NPROTECT\00003653.LNK
c:\recycler\NPROTECT\00003675.XML
c:\recycler\NPROTECT\00003677.ini
c:\recycler\NPROTECT\00003678.ini
c:\recycler\NPROTECT\00003679.dat
c:\recycler\NPROTECT\00003680.dat
c:\recycler\NPROTECT\00003684.PLK
c:\recycler\NPROTECT\00003686.dat
c:\recycler\NPROTECT\00003687.dat
c:\recycler\NPROTECT\00003695.ecf
c:\recycler\NPROTECT\00003705.KLZ
c:\recycler\NPROTECT\00003706.xml
c:\recycler\NPROTECT\00003710.RPT
c:\recycler\NPROTECT\00003712.ini
c:\recycler\NPROTECT\00003713.ini
c:\recycler\NPROTECT\00003714.dat
c:\recycler\NPROTECT\00003716.LOG
c:\recycler\NPROTECT\00003717.log
c:\recycler\NPROTECT\00003718.log
c:\recycler\NPROTECT\00003719.XML
c:\recycler\NPROTECT\00003721.KLZ
c:\recycler\NPROTECT\00003722.XML
c:\recycler\NPROTECT\00003723.XML
c:\recycler\NPROTECT\00003730.avc
c:\recycler\NPROTECT\00003732.avc
c:\recycler\NPROTECT\00003737.DDT
c:\recycler\NPROTECT\00003738.DIF
c:\recycler\NPROTECT\00003739.LER
c:\recycler\NPROTECT\00003740.DIF
c:\recycler\NPROTECT\00003741.DIF
c:\recycler\NPROTECT\00003742.ANP
c:\recycler\NPROTECT\00003743.FTF
c:\recycler\NPROTECT\00003744.4X2
c:\recycler\NPROTECT\00003745.ZO0
c:\recycler\NPROTECT\00003746.DHW
c:\recycler\NPROTECT\00003747.DIF
c:\recycler\NPROTECT\00003748.gsg
c:\recycler\NPROTECT\00003749.KRG
c:\recycler\NPROTECT\00003750.XML
c:\recycler\NPROTECT\00003751.KRG
c:\recycler\NPROTECT\00003752.stt
c:\recycler\NPROTECT\00003753.krg
c:\recycler\NPROTECT\00003754.stt
c:\recycler\NPROTECT\00003755.dat
c:\recycler\NPROTECT\00003756.XML
c:\recycler\NPROTECT\00003757.KRG
c:\recycler\NPROTECT\00003758.XML
c:\recycler\NPROTECT\00003759.set
c:\recycler\NPROTECT\00003760.avc
c:\recycler\NPROTECT\00003761.avc
c:\recycler\NPROTECT\00003762.avc
c:\recycler\NPROTECT\00003763.avc
c:\recycler\NPROTECT\00003764.avc
c:\recycler\NPROTECT\00003765.avc
c:\recycler\NPROTECT\00003766.avc
c:\recycler\NPROTECT\00003767.avc
c:\recycler\NPROTECT\00003768.avc
c:\recycler\NPROTECT\00003769.xml
c:\recycler\NPROTECT\00003770.xml
c:\recycler\NPROTECT\00003771.XML
c:\recycler\NPROTECT\00003772.stt
c:\recycler\NPROTECT\00003774.XML
c:\recycler\NPROTECT\00003775.stt
c:\recycler\NPROTECT\00003776.dat
c:\recycler\NPROTECT\00003777.XML
c:\recycler\NPROTECT\00003778.gsg
c:\recycler\NPROTECT\00003779.XML
c:\recycler\NPROTECT\00003780.avc
c:\recycler\NPROTECT\00003781.avc
c:\recycler\NPROTECT\00003782.avc
c:\recycler\NPROTECT\00003786.krg
c:\recycler\NPROTECT\00003787.KRG
c:\recycler\NPROTECT\00003788.KRG
c:\recycler\NPROTECT\00003789.KRG
c:\recycler\NPROTECT\00003791.XML
c:\recycler\NPROTECT\00003793.LNK
c:\recycler\NPROTECT\00003794.LNK
c:\recycler\NPROTECT\00003795.LNK
c:\recycler\NPROTECT\00003796.exe
c:\recycler\NPROTECT\00003797.exe
c:\recycler\NPROTECT\00003798.exe
c:\recycler\NPROTECT\00003799.exe
c:\recycler\NPROTECT\00003800.dll
c:\recycler\NPROTECT\00003801.exe
c:\recycler\NPROTECT\00003802.exe
c:\recycler\NPROTECT\00003803.img
c:\recycler\NPROTECT\00003804.ICO
c:\recycler\NPROTECT\00003805.dll
c:\recycler\NPROTECT\00003806.mst
c:\recycler\NPROTECT\00003807.cfg
c:\recycler\NPROTECT\00003808.chm
c:\recycler\NPROTECT\00003809.txt
c:\recycler\NPROTECT\00003810.dll
c:\recycler\NPROTECT\00003811.DLL
c:\recycler\NPROTECT\00003814.exe
c:\recycler\NPROTECT\00003817.sys
c:\recycler\NPROTECT\00003820.ini
c:\recycler\NPROTECT\00003821.ini
c:\recycler\NPROTECT\00003822.dat
c:\recycler\NPROTECT\00003823.log
c:\recycler\NPROTECT\00003824.log
c:\recycler\NPROTECT\00003829.DB-
c:\recycler\NPROTECT\00003830.DB-
c:\recycler\NPROTECT\00003831.DB-
c:\recycler\NPROTECT\00003832.log
c:\recycler\NPROTECT\00003833.log
c:\recycler\NPROTECT\00003834.DB-
c:\recycler\NPROTECT\00003835.log
c:\recycler\NPROTECT\00003836.log
c:\recycler\NPROTECT\00003837.DB-
c:\recycler\NPROTECT\00003838
c:\recycler\NPROTECT\00003839.fnm
c:\recycler\NPROTECT\00003840.frq
c:\recycler\NPROTECT\00003841.prx
c:\recycler\NPROTECT\00003842.fdx
c:\recycler\NPROTECT\00003843.fdt
c:\recycler\NPROTECT\00003844.tii
c:\recycler\NPROTECT\00003845.tis
c:\recycler\NPROTECT\00003846.f0
c:\recycler\NPROTECT\00003847.f1
c:\recycler\NPROTECT\00003848.f2
c:\recycler\NPROTECT\00003849.f3
c:\recycler\NPROTECT\00003850.f4
c:\recycler\NPROTECT\00003851.f5
c:\recycler\NPROTECT\00003852.f6
c:\recycler\NPROTECT\00003853.f7
c:\recycler\NPROTECT\00003854.f8
c:\recycler\NPROTECT\00003855.f9
c:\recycler\NPROTECT\00003856.f10
c:\recycler\NPROTECT\00003857.f11
c:\recycler\NPROTECT\00003858.f12
c:\recycler\NPROTECT\00003859.f13
c:\recycler\NPROTECT\00003860.f14
c:\recycler\NPROTECT\00003861.f15
c:\recycler\NPROTECT\00003862.f16
c:\recycler\NPROTECT\00003863.f17
c:\recycler\NPROTECT\00003864.f18
c:\recycler\NPROTECT\00003865.f19
c:\recycler\NPROTECT\00003866.f20
c:\recycler\NPROTECT\00003867.f21
c:\recycler\NPROTECT\00003868.f22
c:\recycler\NPROTECT\00003869.f23
c:\recycler\NPROTECT\00003870.f24
c:\recycler\NPROTECT\00003871.f25
c:\recycler\NPROTECT\00003872.f26
c:\recycler\NPROTECT\00003873.f27
c:\recycler\NPROTECT\00003874.f28
c:\recycler\NPROTECT\00003875.f29
c:\recycler\NPROTECT\00003876.f30
c:\recycler\NPROTECT\00003877.f31
c:\recycler\NPROTECT\00003878.f32
c:\recycler\NPROTECT\00003879.f33
c:\recycler\NPROTECT\00003880.f34
c:\recycler\NPROTECT\00003881.f35
c:\recycler\NPROTECT\00003882.f36
c:\recycler\NPROTECT\00003883.f37
c:\recycler\NPROTECT\00003884.f38
c:\recycler\NPROTECT\00003885.f39
c:\recycler\NPROTECT\00003886.f40
c:\recycler\NPROTECT\00003887.f41
c:\recycler\NPROTECT\00003888.f42
c:\recycler\NPROTECT\00003889.f43
c:\recycler\NPROTECT\00003890.f44
c:\recycler\NPROTECT\00003891.f45
c:\recycler\NPROTECT\00003892.f46
c:\recycler\NPROTECT\00003893.f47
c:\recycler\NPROTECT\00003894.f48
c:\recycler\NPROTECT\00003895.f49
c:\recycler\NPROTECT\00003896.f50
c:\recycler\NPROTECT\00003897.f51
c:\recycler\NPROTECT\00003898.f52
c:\recycler\NPROTECT\00003899.f53
c:\recycler\NPROTECT\00003900.f54
c:\recycler\NPROTECT\00003901.f55
c:\recycler\NPROTECT\00003902.f56
c:\recycler\NPROTECT\00003903.f57
c:\recycler\NPROTECT\00003904.f58
c:\recycler\NPROTECT\00003905.f59
c:\recycler\NPROTECT\00003906.f60
c:\recycler\NPROTECT\00003907.f61
c:\recycler\NPROTECT\00003908.f62
c:\recycler\NPROTECT\00003909.f63
c:\recycler\NPROTECT\00003910.f64
c:\recycler\NPROTECT\00003911.f65
c:\recycler\NPROTECT\00003912.f66
c:\recycler\NPROTECT\00003913.f67
c:\recycler\NPROTECT\00003914.f68
c:\recycler\NPROTECT\00003915.f69
c:\recycler\NPROTECT\00003916.f70
c:\recycler\NPROTECT\00003917.f71
c:\recycler\NPROTECT\00003918.f72
c:\recycler\NPROTECT\00003919.f73
c:\recycler\NPROTECT\00003920.f74
c:\recycler\NPROTECT\00003921.f75
c:\recycler\NPROTECT\00003922.f76
c:\recycler\NPROTECT\00003923
c:\recycler\NPROTECT\00003924.cfs
c:\recycler\NPROTECT\00003925.del
c:\recycler\NPROTECT\00003926
c:\recycler\NPROTECT\00003927.DB-
c:\recycler\NPROTECT\00003928.DB-
c:\recycler\NPROTECT\00003929.DB-
c:\recycler\NPROTECT\00003930.DB-
c:\recycler\NPROTECT\00003931.DB-
c:\recycler\NPROTECT\00003932.DB-
c:\recycler\NPROTECT\00003933.DB-
c:\recycler\NPROTECT\00003934.DB-
c:\recycler\NPROTECT\00003935.DB-
c:\recycler\NPROTECT\00003936.DB-
c:\recycler\NPROTECT\00003937.DB-
c:\recycler\NPROTECT\00003938.DB-
c:\recycler\NPROTECT\00003939.DB-
c:\recycler\NPROTECT\00003940.DB-
c:\recycler\NPROTECT\00003941.DB-
c:\recycler\NPROTECT\00003942.DB-
c:\recycler\NPROTECT\00003943.DB-
c:\recycler\NPROTECT\00003944.DB-
c:\recycler\NPROTECT\00003945.DB-
c:\recycler\NPROTECT\00003946.DB-
c:\recycler\NPROTECT\00003947.DB-
c:\recycler\NPROTECT\00003948.DB-
c:\recycler\NPROTECT\00003949.DB-
c:\recycler\NPROTECT\00003950.DB-
c:\recycler\NPROTECT\00003951.DB-
c:\recycler\NPROTECT\00003952.DB-
c:\recycler\NPROTECT\00003953.DB-
c:\recycler\NPROTECT\00003954.DB-
c:\recycler\NPROTECT\00003955.DB-
c:\recycler\NPROTECT\00003956.DB-
c:\recycler\NPROTECT\00003957.DB-
c:\recycler\NPROTECT\00003958.DB-
c:\recycler\NPROTECT\00003959.DB-
c:\recycler\NPROTECT\00003960.DB-
c:\recycler\NPROTECT\00003961.DB-
c:\recycler\NPROTECT\00003962.DB-
c:\recycler\NPROTECT\00003963.DB-
c:\recycler\NPROTECT\00003964.DB-
c:\recycler\NPROTECT\00003965.DB-
c:\recycler\NPROTECT\00003966.DB-
c:\recycler\NPROTECT\00003967.DB-
c:\recycler\NPROTECT\00003968.DB-
c:\recycler\NPROTECT\00003969.DB-
c:\recycler\NPROTECT\00003970.DB-
c:\recycler\NPROTECT\00003971.DB-
c:\recycler\NPROTECT\00003972.DB-
c:\recycler\NPROTECT\00003973.DB-
c:\recycler\NPROTECT\00003974.DB-
c:\recycler\NPROTECT\00003975.DB-
c:\recycler\NPROTECT\00003976.DB-
c:\recycler\NPROTECT\00003977.DB-
c:\recycler\NPROTECT\00003978.DB-
c:\recycler\NPROTECT\00003979.DB-
c:\recycler\NPROTECT\00003980.DB-
c:\recycler\NPROTECT\00003981.DB-
c:\recycler\NPROTECT\00003982.DB-
c:\recycler\NPROTECT\00003983.DB-
c:\recycler\NPROTECT\00003984.DB-
c:\recycler\NPROTECT\00003985.DB-
c:\recycler\NPROTECT\00003986.DB-
c:\recycler\NPROTECT\00003987.DB-
c:\recycler\NPROTECT\00003988.DB-
c:\recycler\NPROTECT\00003989.DB-
c:\recycler\NPROTECT\00003990.DB-
c:\recycler\NPROTECT\00003991.DB-
c:\recycler\NPROTECT\00003992.DB-
c:\recycler\NPROTECT\00003993.DB-
c:\recycler\NPROTECT\00003994.DB-
c:\recycler\NPROTECT\00003995.DB-
c:\recycler\NPROTECT\00003996.DB-
c:\recycler\NPROTECT\00003997.DB-
c:\recycler\NPROTECT\00003998.DB-
c:\recycler\NPROTECT\00003999.DB-
c:\recycler\NPROTECT\00004000.DB-
c:\recycler\NPROTECT\00004001.DB-
c:\recycler\NPROTECT\00004002.DB-
c:\recycler\NPROTECT\00004003.DB-
c:\recycler\NPROTECT\00004004.DB-
c:\recycler\NPROTECT\00004005.DB-
c:\recycler\NPROTECT\00004006.DB-
c:\recycler\NPROTECT\00004007.DB-
c:\recycler\NPROTECT\00004008.DB-
c:\recycler\NPROTECT\00004009.DB-
c:\recycler\NPROTECT\00004010.DB-
c:\recycler\NPROTECT\00004011.DB-
c:\recycler\NPROTECT\00004012.DB-
c:\recycler\NPROTECT\00004013.DB-
c:\recycler\NPROTECT\00004014.DB-
c:\recycler\NPROTECT\00004015.DB-
c:\recycler\NPROTECT\00004016.DB-
c:\recycler\NPROTECT\00004017.DB-
c:\recycler\NPROTECT\00004018.DB-
c:\recycler\NPROTECT\00004019.DB-
c:\recycler\NPROTECT\00004020.DB-
c:\recycler\NPROTECT\00004021.DB-
c:\recycler\NPROTECT\00004022.DB-
c:\recycler\NPROTECT\00004023.DB-
c:\recycler\NPROTECT\00004024.DB-
c:\recycler\NPROTECT\00004025.DB-
c:\recycler\NPROTECT\00004026.DB-
c:\recycler\NPROTECT\00004027.DB-
c:\recycler\NPROTECT\00004028.DB-
c:\recycler\NPROTECT\00004029.DB-
c:\recycler\NPROTECT\00004030.DB-
c:\recycler\NPROTECT\00004031.DB-
c:\recycler\NPROTECT\00004032.DB-
c:\recycler\NPROTECT\00004033.DB-
c:\recycler\NPROTECT\00004034.DB-
c:\recycler\NPROTECT\00004035.DB-
c:\recycler\NPROTECT\00004036.DB-
c:\recycler\NPROTECT\00004037.DB-
c:\recycler\NPROTECT\00004039.DB-
c:\recycler\NPROTECT\00004040.DB-
c:\recycler\NPROTECT\00004041.DB-
c:\recycler\NPROTECT\00004042.DB-
c:\recycler\NPROTECT\00004043.DB-
c:\recycler\NPROTECT\00004044.DB-
c:\recycler\NPROTECT\00004045.DB-
c:\recycler\NPROTECT\00004046.DB-
c:\recycler\NPROTECT\00004047.DB-
c:\recycler\NPROTECT\00004048.DB-
c:\recycler\NPROTECT\00004049.DB-
c:\recycler\NPROTECT\00004050.DB-
c:\recycler\NPROTECT\00004051.DB-
c:\recycler\NPROTECT\00004052.DB-
c:\recycler\NPROTECT\00004053.DB-
c:\recycler\NPROTECT\00004054.DB-
c:\recycler\NPROTECT\00004055.DB-
c:\recycler\NPROTECT\00004056.DB-
c:\recycler\NPROTECT\00004057.DB-
c:\recycler\NPROTECT\00004058.DB-
c:\recycler\NPROTECT\00004059.DB-
c:\recycler\NPROTECT\00004060.DB-
c:\recycler\NPROTECT\00004061.DB-
c:\recycler\NPROTECT\00004062.DB-
c:\recycler\NPROTECT\00004063.DB-
c:\recycler\NPROTECT\00004064.DB-
c:\recycler\NPROTECT\00004065.DB-
c:\recycler\NPROTECT\00004066.DB-
c:\recycler\NPROTECT\00004067.DB-
c:\recycler\NPROTECT\00004068.DB-
c:\recycler\NPROTECT\00004069.DB-
c:\recycler\NPROTECT\00004070.DB-
c:\recycler\NPROTECT\00004071.DB-
c:\recycler\NPROTECT\00004072.DB-
c:\recycler\NPROTECT\00004073.DB-
c:\recycler\NPROTECT\00004074.DB-
c:\recycler\NPROTECT\00004075.DB-
c:\recycler\NPROTECT\00004076.DB-
c:\recycler\NPROTECT\00004077.DB-
c:\recycler\NPROTECT\00004078.DB-
c:\recycler\NPROTECT\00004079.DB-
c:\recycler\NPROTECT\00004080.DB-
c:\recycler\NPROTECT\00004081.DB-
c:\recycler\NPROTECT\00004082.DB-
c:\recycler\NPROTECT\00004083.DB-
c:\recycler\NPROTECT\00004084.DB-
c:\recycler\NPROTECT\00004085.DB-
c:\recycler\NPROTECT\00004086.DB-
c:\recycler\NPROTECT\00004087.DB-
c:\recycler\NPROTECT\00004088.DB-
c:\recycler\NPROTECT\00004089.DB-
c:\recycler\NPROTECT\00004090.DB-
c:\recycler\NPROTECT\00004091.DB-
c:\recycler\NPROTECT\00004092.DB-
c:\recycler\NPROTECT\00004093.DB-
c:\recycler\NPROTECT\00004094.DB-
c:\recycler\NPROTECT\00004095.DB-
c:\recycler\NPROTECT\00004096.DB-
c:\recycler\NPROTECT\00004097.DB-
c:\recycler\NPROTECT\00004098.DB-
c:\recycler\NPROTECT\00004099.DB-
c:\recycler\NPROTECT\00004100.DB-
c:\recycler\NPROTECT\00004101.DB-
c:\recycler\NPROTECT\00004102.DB-
c:\recycler\NPROTECT\00004103.DB-
c:\recycler\NPROTECT\00004104.DB-
c:\recycler\NPROTECT\00004105.DB-
c:\recycler\NPROTECT\00004106.DB-
c:\recycler\NPROTECT\00004107.DB-
c:\recycler\NPROTECT\00004108.DB-
c:\recycler\NPROTECT\00004109.DB-
c:\recycler\NPROTECT\00004110.DB-
c:\recycler\NPROTECT\00004111.DB-
c:\recycler\NPROTECT\00004112.DB-
c:\recycler\NPROTECT\00004113.DB-
c:\recycler\NPROTECT\00004114.DB-
c:\recycler\NPROTECT\00004115.DB-
c:\recycler\NPROTECT\00004116.DB-
c:\recycler\NPROTECT\00004117.DB-
c:\recycler\NPROTECT\00004118.DB-
c:\recycler\NPROTECT\00004119.DB-
c:\recycler\NPROTECT\00004120.DB-
c:\recycler\NPROTECT\00004121.DB-
c:\recycler\NPROTECT\00004122.DB-
c:\recycler\NPROTECT\00004123.DB-
c:\recycler\NPROTECT\00004124.DB-
c:\recycler\NPROTECT\00004125.DB-
c:\recycler\NPROTECT\00004126.DB-
c:\recycler\NPROTECT\00004127.DB-
c:\recycler\NPROTECT\00004128.DB-
c:\recycler\NPROTECT\00004129.DB-
c:\recycler\NPROTECT\00004130.DB-
c:\recycler\NPROTECT\00004131.DB-
c:\recycler\NPROTECT\00004132.DB-
c:\recycler\NPROTECT\00004133.DB-
c:\recycler\NPROTECT\00004134.DB-
c:\recycler\NPROTECT\00004135.DB-
c:\recycler\NPROTECT\00004136.DB-
c:\recycler\NPROTECT\00004137.DB-
c:\recycler\NPROTECT\00004138.DB-
c:\recycler\NPROTECT\00004139.DB-
c:\recycler\NPROTECT\00004140.DB-
c:\recycler\NPROTECT\00004141.DB-
c:\recycler\NPROTECT\00004142.edb
c:\recycler\NPROTECT\00004143.DB-
c:\recycler\NPROTECT\00004144.DB-
c:\recycler\NPROTECT\00004145.DB-
c:\recycler\NPROTECT\00004146.DB-
c:\recycler\NPROTECT\00004147.DB-
c:\recycler\NPROTECT\00004148.DB-
c:\recycler\NPROTECT\00004149.DB-
c:\recycler\NPROTECT\00004150.DB-
c:\recycler\NPROTECT\00004151.DB-
c:\recycler\NPROTECT\00004152.DB-
c:\recycler\NPROTECT\00004153.DB-
c:\recycler\NPROTECT\00004154.DB-
c:\recycler\NPROTECT\00004155.DB-
c:\recycler\NPROTECT\00004156.DB-
c:\recycler\NPROTECT\00004157.DB-
c:\recycler\NPROTECT\00004158.DB-
c:\recycler\NPROTECT\00004159.DB-
c:\recycler\NPROTECT\00004160.DB-
c:\recycler\NPROTECT\00004161.DB-
c:\recycler\NPROTECT\00004400.ecf
c:\recycler\NPROTECT\00004440.RPT
c:\recycler\NPROTECT\00004441.RPT
c:\recycler\NPROTECT\00004443.xml
c:\recycler\NPROTECT\00004445.XML
c:\recycler\NPROTECT\00004446.XML
c:\recycler\NPROTECT\00004448.XML
c:\recycler\NPROTECT\00004459.K0R
c:\recycler\NPROTECT\00004460.DIF
c:\recycler\NPROTECT\00004461.LSU
c:\recycler\NPROTECT\00004462.DIF
c:\recycler\NPROTECT\00004463.DIF
c:\recycler\NPROTECT\00004464.GWO
c:\recycler\NPROTECT\00004465.NNX
c:\recycler\NPROTECT\00004466.DIF
c:\recycler\NPROTECT\00004467.gsg
c:\recycler\NPROTECT\00004468.KRG
c:\recycler\NPROTECT\00004469.XML
c:\recycler\NPROTECT\00004470.KRG
c:\recycler\NPROTECT\00004471.stt
c:\recycler\NPROTECT\00004472.krg
c:\recycler\NPROTECT\00004473.stt
c:\recycler\NPROTECT\00004474.dat
c:\recycler\NPROTECT\00004475.XML
c:\recycler\NPROTECT\00004476.KRG
c:\recycler\NPROTECT\00004477.XML
c:\recycler\NPROTECT\00004478.avc
c:\recycler\NPROTECT\00004479.avc
c:\recycler\NPROTECT\00004480.avc
c:\recycler\NPROTECT\00004481.xml
c:\recycler\NPROTECT\00004482.xml
c:\recycler\NPROTECT\00004483.XML
c:\recycler\NPROTECT\00004484.stt
c:\recycler\NPROTECT\00004486.XML
c:\recycler\NPROTECT\00004487.stt
c:\recycler\NPROTECT\00004488.dat
c:\recycler\NPROTECT\00004489.XML
c:\recycler\NPROTECT\00004490.gsg
c:\recycler\NPROTECT\00004491.XML
c:\recycler\NPROTECT\00004492.avc
c:\recycler\NPROTECT\00004493.avc
c:\recycler\NPROTECT\00004497.krg
c:\recycler\NPROTECT\00004498.KRG
c:\recycler\NPROTECT\00004499.KRG
c:\recycler\NPROTECT\00004500.KRG
c:\recycler\NPROTECT\00004502.XML
c:\recycler\NPROTECT\00004509.txt
c:\recycler\NPROTECT\00004681.grd
c:\recycler\NPROTECT\00004682.sig
c:\recycler\NPROTECT\00004683.wlt
c:\recycler\NPROTECT\00004684.wlt
c:\recycler\NPROTECT\00004685.grd
c:\recycler\NPROTECT\00004686.sig
c:\recycler\NPROTECT\00004687.grd
c:\recycler\NPROTECT\00004688.sig
c:\recycler\NPROTECT\00004689.wlt
c:\recycler\NPROTECT\00004690.dat
c:\recycler\NPROTECT\00004691.grd
c:\recycler\NPROTECT\00004692.sig
c:\recycler\NPROTECT\00004693.wlt
c:\recycler\NPROTECT\00004694.txt
c:\recycler\NPROTECT\00004695.grd
c:\recycler\NPROTECT\00004696.sig
c:\recycler\NPROTECT\00004697.dat
c:\recycler\NPROTECT\00004698.997
c:\recycler\NPROTECT\00004699.998
c:\recycler\NPROTECT\00004700.999
c:\recycler\NPROTECT\00004701.scr
c:\recycler\NPROTECT\00004702.txt
c:\recycler\NPROTECT\00004703.dis
c:\recycler\NPROTECT\00004704.grd
c:\recycler\NPROTECT\00004705.sig
c:\recycler\NPROTECT\00004729.REG
c:\recycler\NPROTECT\00004730.und
c:\recycler\NPROTECT\00004731.und
c:\recycler\NPROTECT\00004732.und
c:\recycler\NPROTECT\00004733.und
c:\recycler\NPROTECT\00004734.und
c:\recycler\NPROTECT\00004735.und
c:\recycler\NPROTECT\00004736.und
c:\recycler\NPROTECT\00004737.und
c:\recycler\NPROTECT\00004738.und
c:\recycler\NPROTECT\00004740.und
c:\recycler\NPROTECT\00004742.und
c:\recycler\NPROTECT\00004745.nsi
c:\recycler\NPROTECT\00004746.nsi
c:\recycler\NPROTECT\00004747.LNK
c:\recycler\NPROTECT\00004748.LNK
c:\recycler\NPROTECT\00004749.LNK
c:\recycler\NPROTECT\00004750.LNK
c:\recycler\NPROTECT\00004751.LNK
c:\recycler\NPROTECT\00004752.LNK
c:\recycler\NPROTECT\00004753.LNK
c:\recycler\NPROTECT\00004754.LNK
c:\recycler\NPROTECT\00004755.LNK
c:\recycler\NPROTECT\00004756.LNK
c:\recycler\NPROTECT\00004757.LNK
c:\recycler\NPROTECT\00004758.LNK
c:\recycler\NPROTECT\00004759.LNK
c:\recycler\NPROTECT\00004760.LNK
c:\recycler\NPROTECT\00004761.rbf
c:\recycler\NPROTECT\00004762.rbf
c:\recycler\NPROTECT\00004763.rbf
c:\recycler\NPROTECT\00004764.rbf
c:\recycler\NPROTECT\00004765.rbf
c:\recycler\NPROTECT\00004766.rbf
c:\recycler\NPROTECT\00004767.rbf
c:\recycler\NPROTECT\00004768.rbf
c:\recycler\NPROTECT\00004769.rbf
c:\recycler\NPROTECT\00004770.rbf
c:\recycler\NPROTECT\00004771.rbf
c:\recycler\NPROTECT\00004772.rbf
c:\recycler\NPROTECT\00004773.rbf
c:\recycler\NPROTECT\00004774.rbf
c:\recycler\NPROTECT\00004775.rbf
c:\recycler\NPROTECT\00004776.rbf
c:\recycler\NPROTECT\00004777.rbf
c:\recycler\NPROTECT\00004778.rbf
c:\recycler\NPROTECT\00004779.rbf
c:\recycler\NPROTECT\00004780.rbf
c:\recycler\NPROTECT\00004781.rbf
c:\recycler\NPROTECT\00004782.rbf
c:\recycler\NPROTECT\00004783.rbf
c:\recycler\NPROTECT\00004784.rbf
c:\recycler\NPROTECT\00004785.rbf
c:\recycler\NPROTECT\00004786.rbf
c:\recycler\NPROTECT\00004787.rbf
c:\recycler\NPROTECT\00004788.rbf
c:\recycler\NPROTECT\00004789.rbs
c:\recycler\NPROTECT\00004790.ipi
c:\recycler\NPROTECT\00004792.msi
c:\recycler\NPROTECT\00004793.rbf
c:\recycler\NPROTECT\00004794.rbs
c:\recycler\NPROTECT\00004795.ipi
c:\recycler\NPROTECT\00004796.msi
c:\recycler\NPROTECT\NPROTECT.LOG
c:\safetycenter\ie.Dll
c:\windows\msa.exe
c:\windows\system32\~.exe
c:\windows\system32\calc.dll
c:\windows\system32\dezifamu.dll
c:\windows\system32\iehelper.dll
c:\windows\system32\ipYT7o1v.dll
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lsp.dll
c:\windows\system32\moyofilu.dll
c:\windows\system32\ntSVc.ocx
c:\windows\system32\petemowa.dll
c:\windows\system32\resevine.dll
c:\windows\system32\temp.exe
c:\windows\twain_16.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.


Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 5:00 am

.....And finishing with this:

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 02:38 . 2009-11-02 03:02 -------- d-----w- c:\program files\centipede
2009-11-02 02:01 . 2009-11-02 04:35 -------- d-----w- C:\SafetyCenter
2009-11-02 01:59 . 2009-11-02 01:59 96256 ----a-w- C:\cobch.exe
2009-11-02 01:59 . 2009-11-02 01:59 52224 ----a-w- C:\nmswcnsf.exe
2009-11-02 01:54 . 2009-11-02 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 01:53 . 2009-11-02 01:53 -------- d-----w- C:\Malwarebytes_Anti-Malware_1.41
2009-11-02 01:53 . 2009-11-02 01:53 7171690 ----a-w- C:\Malwarebytes_Anti-Malware_1.41.zip
2009-11-02 01:42 . 2009-11-02 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\msca
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\program files\maw
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 04:41 . 2007-11-26 00:10 925184 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-02 04:41 . 2007-11-26 00:10 66651680 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-02 04:41 . 2007-11-26 00:10 136700 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-02 04:41 . 2007-11-26 00:10 1335584 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-02 02:32 . 2009-08-25 00:07 0 ----a-r- c:\windows\win32k.sys
2009-10-26 06:21 . 2007-03-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-10-26 05:16 . 2007-01-03 23:14 -------- d-----w- c:\documents and settings\Steve\Application Data\1clickPro
2009-10-26 04:41 . 2008-05-16 01:30 -------- d-----w- c:\program files\Yahoo!
2009-10-26 04:40 . 2007-07-01 05:01 -------- d-----w- c:\program files\Real
2009-10-26 04:40 . 2006-06-23 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 04:25 . 2007-11-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-25 23:20 . 2007-11-29 02:49 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-10-25 23:20 . 2007-11-29 02:49 -------- d-----w- c:\program files\dvd43
2009-10-25 23:18 . 2007-01-03 22:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Vso
2009-10-20 13:04 . 2007-03-09 22:44 -------- d-----w- c:\program files\IrfanView
2009-10-19 11:35 . 2006-07-26 21:11 -------- d-----w- c:\program files\Thumbs7
2009-10-16 03:22 . 2006-06-23 02:13 28232 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 15:08 . 2008-12-20 02:47 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-14 15:08 . 2008-12-20 02:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-18 18:58 . 2007-03-10 02:12 -------- d-----w- c:\program files\PasswordSafe
2009-09-11 14:33 . 2002-06-25 21:42 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2002-06-25 21:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-06-25 21:37 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-06-25 21:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2002-06-25 21:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2002-06-25 21:43 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2002-06-25 21:43 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 02:05 . 2009-08-02 02:05 39424 --sha-w- c:\windows\system32\maligoha.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2009-06-24 1437504]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
"BTCLiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2004-03-08 430080]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-01 185632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
PGPtray.exe [2004-6-9 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-1-1 114688]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [6/23/2006 5:02 AM 260072]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [6/23/2006 5:05 AM 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [6/23/2006 5:05 AM 13312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{baf9faef-fcef-4512-81bd-4eb65c087b13} - petemowa.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM-Run-mosowofuz - c:\windows\system32\dezifamu.dll
HKLM-Run-pagosakojo - moyofilu.dll
SharedTaskScheduler-{f53d86e0-9fd8-4448-a79a-8b0737204c4b} - c:\windows\system32\dezifamu.dll
SSODL-detiwemit-{f53d86e0-9fd8-4448-a79a-8b0737204c4b} - c:\windows\system32\dezifamu.dll
AddRemove-HijackThis - I:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-01 23:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\RtlGina2.dll

- - - - - - - > 'lsass.exe'(1288)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WININET.dll
c:\windows\system32\PGPhk.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PGPserv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
C:\Updater.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\documents and settings\Steve\Start Menu\Programs\Startup\PGPtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-11-02 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 04:51

Pre-Run: 25,704,128,512 bytes free
Post-Run: 25,972,224,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2D5E642E5B08DA8B9AC9890886A7BA94


Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 10:28 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\cobch.exe
    C:\nmswcnsf.exe

    Folder::
    C:\SafetyCenter
    c:\program files\centipede
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 1:07 pm

OK, I couldn't get far on this one. I was greeted with the same message I had before - telling me I need to close my "real time scanner" Kaspersky Internet Security. Just as in my earlier post when I tried to run combofix, Kaspersky is not present in either the taskbar or Windows Task Manager. I am greeted with the same warning from combofix related to continuing without exiting Kaspersky.


Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 7:17 pm

Can it continue anyway? If not, please do the following:

Open Kaspersky from the Start Menu. Then, disable it in there.

I think it will want you to Pause protection - by user request. Those might be options.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 8:48 pm

Well, I ended up just uninstalling the Kaspersky program from my PC, since it kept thinking it was running. I had tried to open it & change the settings to shut it down, but the virus has a hold on opening .exe files, so I was unable to do that.

I ran the combofix after uninstalling and rebooting my PC (even though combofix STILL told me to close my Kaspersky - after uninstalling it!) I have a much smaller log file this time, which I am pasting here. I tried to do what you requested regarding the CFScript.txt, but I don't have the exe file named "combofix" anymore, since I renamed it "commy". I tried to drag the CFScript onto "commy" on my desktop, but all that does is start the combofix utility again.

That being said, here is my latest log file. Thanks for the help with this! (By the way, the "centipede" folder that you saw was created by me. I was trying to outsmart the virus by saving the Malwarebytes program in another folder named "centipede". I just wanted you to know that, so you don't think the virus had created something new.)

ComboFix 09-10-30.01 - Steve 11/02/2009 14:40.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.577 [GMT -5:00]
Running from: c:\documents and settings\Steve\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 04:21 . 2009-11-02 04:51 -------- d-----w- C:\commy
2009-11-02 02:38 . 2009-11-02 03:02 -------- d-----w- c:\program files\centipede
2009-11-02 02:01 . 2009-11-02 04:35 -------- d-----w- C:\SafetyCenter
2009-11-02 01:59 . 2009-11-02 01:59 96256 ----a-w- C:\cobch.exe
2009-11-02 01:59 . 2009-11-02 01:59 52224 ----a-w- C:\nmswcnsf.exe
2009-11-02 01:54 . 2009-11-02 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 01:53 . 2009-11-02 01:53 -------- d-----w- C:\Malwarebytes_Anti-Malware_1.41
2009-11-02 01:53 . 2009-11-02 01:53 7171690 ----a-w- C:\Malwarebytes_Anti-Malware_1.41.zip
2009-11-02 01:42 . 2009-11-02 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\msca
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\program files\maw
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 02:32 . 2009-08-25 00:07 0 ----a-r- c:\windows\win32k.sys
2009-10-26 06:21 . 2007-03-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-10-26 05:16 . 2007-01-03 23:14 -------- d-----w- c:\documents and settings\Steve\Application Data\1clickPro
2009-10-26 04:41 . 2008-05-16 01:30 -------- d-----w- c:\program files\Yahoo!
2009-10-26 04:40 . 2007-07-01 05:01 -------- d-----w- c:\program files\Real
2009-10-26 04:40 . 2006-06-23 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 04:25 . 2007-11-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-25 23:20 . 2007-11-29 02:49 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-10-25 23:20 . 2007-11-29 02:49 -------- d-----w- c:\program files\dvd43
2009-10-25 23:18 . 2007-01-03 22:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Vso
2009-10-20 13:04 . 2007-03-09 22:44 -------- d-----w- c:\program files\IrfanView
2009-10-19 11:35 . 2006-07-26 21:11 -------- d-----w- c:\program files\Thumbs7
2009-10-16 03:22 . 2006-06-23 02:13 28232 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 18:58 . 2007-03-10 02:12 -------- d-----w- c:\program files\PasswordSafe
2009-09-11 14:33 . 2002-06-25 21:42 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2002-06-25 21:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-01-08 19:23 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-06-25 21:37 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-06-25 21:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2002-06-25 21:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:05 . 2009-08-02 02:05 39424 --sha-w- c:\windows\system32\maligoha.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2009-06-24 1437504]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
"BTCLiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2004-03-08 430080]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-01 185632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
PGPtray.exe [2004-6-9 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-1-1 114688]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [6/23/2006 5:02 AM 260072]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [6/23/2006 5:05 AM 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [6/23/2006 5:05 AM 13312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 14:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys dvd43llh.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

atapi.sys @ 0xF74D8000 0x17480 bytes

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF74DE7B4 != 0xF78C8B20 dvd43llh.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\RtlGina2.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-02 14:50
ComboFix-quarantined-files.txt 2009-11-02 19:50
ComboFix2.txt 2009-11-02 04:51

Pre-Run: 26,716,626,944 bytes free
Post-Run: 26,703,163,392 bytes free

- - End Of File - - 7664005C920FCF4381B1D800500EEB84


Re: Antivirus System Pro help

Post by Dr Jay on Mon Nov 02, 2009 9:33 pm

Please do this for Kaspersky:

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply



If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\cobch.exe
    C:\nmswcnsf.exe

    Folder::
    C:\SafetyCenter
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


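Dr Jay's wbemtest steps above treat ComboFix's persistent Kaspersky warning as a leftover AntiVirusProduct record in root\SecurityCenter. As an added example (not part of any post in this thread, and not ComboFix's own code), the Python check below compares the AV:/FW: header lines of a ComboFix log with the Run values and service/driver lines in the same log, and reports registrations that no loading point backs up. Assumptions: the header reflects the Security Center records, the first word of the product name (here "Kaspersky") identifies the vendor's files, and all function names are this example's own.

```python
import re

# Lines copied from the ComboFix logs posted in this thread, trimmed to a few
# entries. The AV:/FW: header is the one printed in the later logs; pairing it
# with the first log's entries in BEFORE_UNINSTALL is an assumption made here.
HEADER = r'''
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
'''

BEFORE_UNINSTALL = HEADER + r'''
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
'''

AFTER_UNINSTALL = HEADER + r'''
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
'''

# "AV: <name> *<state>* (<signatures>) {GUID}"; the "(...)" part is optional.
HEADER_RE = re.compile(
    r'^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*'
    r'(?: \((?P<sig>[^)]+)\))? (?P<guid>\{[0-9A-Fa-f-]+\})$')
# Run-key value: "name"="target" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
# Service/driver line: "R2 name;description;path [date size]"
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<target>.+?) \[[^\]]*\]$')


def security_center_products(log):
    """Return the AV:/FW: registrations printed in the log header."""
    found = []
    for line in log.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def loading_points(log):
    """Return (source, name, searchable_text) for Run values and services only.

    Leftover folders and IE menu entries are ignored on purpose: they survive
    an uninstall and do not show that anything still starts at boot.
    """
    points = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            points.append(("run", m["name"], m["name"] + " " + m["target"]))
            continue
        m = SVC_RE.match(line)
        if m:
            text = " ".join((m["name"], m["desc"], m["target"]))
            points.append(("service " + m["state"], m["name"], text))
    return points


def vendor_token(display_name):
    # Assumption of this example: the first word of the product name also
    # appears in the vendor's paths and driver descriptions.
    return display_name.split()[0].lower()


def stale_registrations(log):
    """List (kind, name, guid) for products no Run value or service refers to."""
    points = loading_points(log)
    stale = []
    for prod in security_center_products(log):
        token = vendor_token(prod["name"])
        if not any(token in text.lower() for _, _, text in points):
            stale.append((prod["kind"], prod["name"], prod["guid"]))
    return stale


if __name__ == "__main__":
    for label, log in (("before uninstall", BEFORE_UNINSTALL),
                       ("after uninstall", AFTER_UNINSTALL)):
        stale = stale_registrations(log)
        print(label, "->", stale if stale else "registrations match loading points")
```

A registration reported here is a candidate for the record cleanup described in the wbemtest steps; confirm the product really is uninstalled before deleting anything.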

Re: Antivirus System Pro help

Post by squidboy on Mon Nov 02, 2009 9:51 pm

OK - I just went through the steps you outlined. When it got to image #4 (as above), the query box was blank in the box below "Enter Query". I'll reboot the PC again & try to run combofix again. I just don't understand why it thinks Kaspersky is still installed when I uninstalled it.

With the CFScript.txt file... should I be copying that to my flash drive, where "combofix.exe" is? I don't have combofix.exe anywhere else, since I followed the instructions to rename it to commy.exe when I placed it onto the desktop.

Thanks!


Re: Antivirus System Pro help

Post by Dr Jay on Tue Nov 03, 2009 12:50 am

It should be in the same location as commy.exe, then drag the CFScript over top of Commy.exe.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Tue Nov 03, 2009 2:20 am

OK, it still thinks I have the Kaspersky program installed, but here are the results from combofix being run after CFScript is placed over commy.exe. Again, thank you very much for the help with this!

ComboFix 09-11-01.04 - Steve 11/02/2009 20:35.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.578 [GMT -5]
Running from: c:\documents and settings\Steve\Desktop\commy.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point

FILE ::
"C:\cobch.exe"
"C:\nmswcnsf.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cobch.exe
C:\nmswcnsf.exe
c:\program files\centipede
c:\program files\centipede\changes.rtf
c:\program files\centipede\Languages\albanian.lng
c:\program files\centipede\Languages\arabic.lng
c:\program files\centipede\Languages\bosnian.lng
c:\program files\centipede\Languages\bulgarian.lng
c:\program files\centipede\Languages\catalan.lng
c:\program files\centipede\Languages\chineseSI.lng
c:\program files\centipede\Languages\chineseTR.lng
c:\program files\centipede\Languages\croatian.lng
c:\program files\centipede\Languages\czech.lng
c:\program files\centipede\Languages\danish.lng
c:\program files\centipede\Languages\dutch.lng
c:\program files\centipede\Languages\english.lng
c:\program files\centipede\Languages\estonian.lng
c:\program files\centipede\Languages\finnish.lng
c:\program files\centipede\Languages\french.lng
c:\program files\centipede\Languages\german.lng
c:\program files\centipede\Languages\greek.lng
c:\program files\centipede\Languages\hebrew.lng
c:\program files\centipede\Languages\hungarian.lng
c:\program files\centipede\Languages\italian.lng
c:\program files\centipede\Languages\korean.lng
c:\program files\centipede\Languages\latvian.lng
c:\program files\centipede\Languages\macedonian.lng
c:\program files\centipede\Languages\norwegian.lng
c:\program files\centipede\Languages\polish.lng
c:\program files\centipede\Languages\portugueseBR.lng
c:\program files\centipede\Languages\portuguesePT.lng
c:\program files\centipede\Languages\romanian.lng
c:\program files\centipede\Languages\russian.lng
c:\program files\centipede\Languages\serbian.lng
c:\program files\centipede\Languages\slovak.lng
c:\program files\centipede\Languages\slovenian.lng
c:\program files\centipede\Languages\spanish.lng
c:\program files\centipede\Languages\swedish.lng
c:\program files\centipede\Languages\turkish.lng
c:\program files\centipede\Languages\ukrainian.lng
c:\program files\centipede\license.txt
c:\program files\centipede\mbam.chm
c:\program files\centipede\mbam.dll
c:\program files\centipede\mbamext.dll
c:\program files\centipede\mbamgui.exe
c:\program files\centipede\mbamservice.exe
c:\program files\centipede\ssubtmr6.dll
c:\program files\centipede\unins000.dat
c:\program files\centipede\unins000.exe
c:\program files\centipede\unins000.msg
c:\program files\centipede\vbalsgrid6.ocx
c:\program files\centipede\zlib.dll
C:\SafetyCenter
c:\safetycenter\main.ico
c:\safetycenter\new.exe
c:\safetycenter\protector.exe
c:\safetycenter\sound.wav
c:\safetycenter\start.exe
c:\safetycenter\tst.exe
c:\safetycenter\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-02 19:38 . 2009-11-02 19:50 -------- d-----w- C:\commy17334c
2009-11-02 04:21 . 2009-11-02 04:51 -------- d-----w- C:\commy
2009-11-02 01:54 . 2009-11-02 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 01:53 . 2009-11-02 01:53 -------- d-----w- C:\Malwarebytes_Anti-Malware_1.41
2009-11-02 01:53 . 2009-11-02 01:53 7171690 ----a-w- C:\Malwarebytes_Anti-Malware_1.41.zip
2009-11-02 01:42 . 2009-11-02 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\msca
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\program files\maw
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 02:32 . 2009-08-25 00:07 0 ----a-r- c:\windows\win32k.sys
2009-10-26 06:21 . 2007-03-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-10-26 05:16 . 2007-01-03 23:14 -------- d-----w- c:\documents and settings\Steve\Application Data\1clickPro
2009-10-26 04:41 . 2008-05-16 01:30 -------- d-----w- c:\program files\Yahoo!
2009-10-26 04:40 . 2007-07-01 05:01 -------- d-----w- c:\program files\Real
2009-10-26 04:40 . 2006-06-23 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 04:25 . 2007-11-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-25 23:20 . 2007-11-29 02:49 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-10-25 23:20 . 2007-11-29 02:49 -------- d-----w- c:\program files\dvd43
2009-10-25 23:18 . 2007-01-03 22:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Vso
2009-10-20 13:04 . 2007-03-09 22:44 -------- d-----w- c:\program files\IrfanView
2009-10-19 11:35 . 2006-07-26 21:11 -------- d-----w- c:\program files\Thumbs7
2009-10-16 03:22 . 2006-06-23 02:13 28232 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 18:58 . 2007-03-10 02:12 -------- d-----w- c:\program files\PasswordSafe
2009-09-11 14:33 . 2002-06-25 21:42 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2002-06-25 21:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-01-08 19:23 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-06-25 21:37 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-06-25 21:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2002-06-25 21:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:05 . 2009-08-02 02:05 39424 --sha-w- c:\windows\system32\maligoha.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2009-06-24 1437504]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
"BTCLiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2004-03-08 430080]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-01 185632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
PGPtray.exe [2004-6-9 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-1-1 114688]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [6/23/2006 5:02 AM 260072]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [6/23/2006 5:05 AM 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [6/23/2006 5:05 AM 13312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\centipede\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\RtlGina2.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-11-03 20:44
ComboFix-quarantined-files.txt 2009-11-03 01:44
ComboFix2.txt 2009-11-02 19:50
ComboFix3.txt 2009-11-02 04:51

Pre-Run: 26,686,025,728 bytes free
Post-Run: 26,671,898,624 bytes free

- - End Of File - - 834F45C1618DEC258D25200A598EB451


EDITED TO ADD:

I just tried to reinstall Malwarebytes' Anti-Malware again. It allowed me to reinstall it over the existing installation & actually allowed me to update it and run it! (I did not take any action after it was done with the scan.) So far, I am able to get to my homepage, etc. It SEEMS to be OK now, but I'll leave that up to you to decide! The following is the log file that the Malwarebytes program created:

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 2

11/2/2009 9:51:24 PM
mbam-log-2009-11-02 (21-51-17).txt

Scan type: Quick Scan
Objects scanned: 126893
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\maligoha.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> No action taken.


Last edited by squidboy on Tue Nov 03, 2009 3:01 am; edited 2 times in total (Reason for editing : Able to run malwarebyte program & get to internet)


Re: Antivirus System Pro help

Post by Dr Jay on Tue Nov 03, 2009 3:47 am

Please post the Malwarebytes log.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Tue Nov 03, 2009 4:17 am

That's what I had already posted in the reply above. Is there something else you were looking for instead of that?


Re: Antivirus System Pro help

Post by Dr Jay on Tue Nov 03, 2009 5:33 am

Oops, I meant to say, please remove the selected items, then post the Malwarebytes log.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Tue Nov 03, 2009 6:22 am

Alrighty, DragonMaster Jay....here's the new log:

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 2

11/3/2009 1:03:05 AM
mbam-log-2009-11-03 (01-03-05).txt

Scan type: Quick Scan
Objects scanned: 126893
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\maligoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

---------------------
*** After that, I rebooted the PC and ran the Malwarebytes program again from the start. Here is the log from that.....

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 2

11/3/2009 1:18:52 AM
mbam-log-2009-11-03 (01-18-52).txt

Scan type: Quick Scan
Objects scanned: 126846
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Antivirus System Pro help

Post by Dr Jay on Tue Nov 03, 2009 6:41 am

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check "I agree with the Terms and Conditions" and click "Start Here".
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click "Start Scan".
Please post the results in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Tue Nov 03, 2009 12:29 pm

Good morning DragonMaster Jay!

Here are the results from the bitdefender scan:

BitDefender Online Scanner

Scan report generated at: Tue, Nov 03, 2009 - 06:18:14

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time: 02:42:59
Files: 581549
Folders: 14829
Boot Sectors: 0
Archives: 10797
Packed Files: 46050

Results
Identified Viruses: 17
Infected Files: 23
Suspect Files: 3
Warnings: 0
Disinfected: 0
Deleted Files: 30

Engines Info
Virus Definitions: 4480894
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\ntuser.dll.vir
Infected with: Gen:Trojan.Heur.bu8@yOgv9dac

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\ntuser.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\ntuser.dll.vir
Deleted

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\Start Menu\Programs\Startup\scandisk.dll.vir
Infected with: Gen:Trojan.Heur.bu8@yOgv9dac

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\Start Menu\Programs\Startup\scandisk.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\Documents and Settings\Steve\Start Menu\Programs\Startup\scandisk.dll.vir
Deleted

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\svchost.exe.vir
Infected with: Gen:Trojan.Heur.Krap.bmX@aaF0edl

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\svchost.exe.vir
Disinfection failed

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\svchost.exe.vir
Deleted

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\winlogon.exe.vir
Infected with: Gen:Trojan.Heur.Krap.bmX@aaF0edl

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\winlogon.exe.vir
Disinfection failed

C:\Qoobox\Quarantine\C\DOCUME~1\Steve\LOCALS~1\Temp\winlogon.exe.vir
Deleted

C:\Qoobox\Quarantine\C\ntldrs.vir
Infected with: Gen:Trojan.Heur.GM.0040020902

C:\Qoobox\Quarantine\C\ntldrs.vir
Disinfection failed

C:\Qoobox\Quarantine\C\ntldrs.vir
Deleted

C:\Qoobox\Quarantine\C\Program Files\wxwrmo\eefdsysguard.exe.vir
Infected with: Trojan.Generic.2615597

C:\Qoobox\Quarantine\C\Program Files\wxwrmo\eefdsysguard.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
Infected with: Gen:Trojan.Heur.Renos.juW@b8IZqCn

C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir
Infected with: Gen:Trojan.Heur.bu8@yOgv9dac

C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir
Infected with: Trojan.Generic.2525630

C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir
Infected with: Trojan.Generic.2601447

C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\ipyt7o1v.dll.vir
Infected with: Trojan.Generic.2554519

C:\Qoobox\Quarantine\C\WINDOWS\system32\ipyt7o1v.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir
Detected with: Application.Generic.248984

C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir
Deleted

E:\backup.pst=>[Subject: ??Re: Thanks Smile][From: Hotrod]=>Joke.cpl
Infected with: Win32.Bagle.AY@mm

E:\backup.pst=>[Subject: ??Re: Thanks Smile][From: Hotrod]=>Joke.cpl
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Re: Thanks Smile][From: Hotrod]=>price.scr
Infected with: Worm.Generic.3187

E:\backup.pst=>[Subject: ??Re: Thanks Smile][From: Hotrod]=>price.scr
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Regions Bank Reminder: PIease Update Your DetaiIs][From: Regions & Union Planters]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Infected with: Trojan.Spy.HTML.Bankfraud.DQ

E:\backup.pst=>[Subject: ??Regions Bank Reminder: PIease Update Your DetaiIs][From: Regions & Union Planters]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Disinfection failed

E:\backup.pst=>[Subject: ??Regions Bank Reminder: PIease Update Your DetaiIs][From: Regions & Union Planters]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Deleted

E:\backup.pst=>[Subject: ??Regions Bank Reminder: PIease Update Your DetaiIs][From: Regions & Union Planters]=>(body)=>(Compressed Rtf)
Update failed

E:\backup.pst=>[Subject: ??Undeliverable Message User unknown][From: Postmaster]=>(body)=>(Compressed Rtf)
Suspected of: Exploit.Iframe.Vulnerability

E:\backup.pst=>[Subject: ??Undeliverable Message User unknown][From: Postmaster]=>(body)=>(Compressed Rtf)
Disinfection failed

E:\backup.pst=>[Subject: ??Undeliverable Message User unknown][From: Postmaster]=>(body)=>(Compressed Rtf)
Deleted

E:\backup.pst=>[Subject: ??Undeliverable Message User unknown][From: Postmaster]=>(body)
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??New Net Critical Update][From: Microsoft Program Security Center]=>Upgrade36.zl9
Infected with: Win32.Swen.A@mm

E:\backup.pst=>[Subject: ??New Net Critical Update][From: Microsoft Program Security Center]=>Upgrade36.zl9
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Congratulations ! from Libby][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Infected with: Generic.Peed.Eml.6D944631

E:\backup.pst=>[Subject: ??Congratulations ! from Libby][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Disinfection failed

E:\backup.pst=>[Subject: ??Congratulations ! from Libby][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Deleted

E:\backup.pst=>[Subject: ??Congratulations ! from Libby][From: [You must be registered and logged in to see this link.]]=>(body)
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Suspected of: Trojan.Exploit.Html.Iframe.Filedownload.JF

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Disinfection failed

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Deleted

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>message.zlq
Infected with: Win32.Netsky.P@mm

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>message.zlq
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Suspected of: Trojan.Exploit.Html.Iframe.Filedownload.JF

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Disinfection failed

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)=>(Compressed Rtf)
Deleted

E:\backup.pst=>[Subject: ??Mail Delivery (failure [You must be registered and logged in to see this link.])][From: [You must be registered and logged in to see this link.]]=>(body)
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??1][From: Djrobengel]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Infected with: Trojan.Script.86471

E:\backup.pst=>[Subject: ??1][From: Djrobengel]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Disinfection failed

E:\backup.pst=>[Subject: ??1][From: Djrobengel]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Deleted

E:\backup.pst=>[Subject: ??1][From: Djrobengel]=>(body)=>(Compressed Rtf)
Update failed

E:\backup.pst=>[Subject: ??Citizens Bank: security update][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Infected with: HTML.Phishing.B

E:\backup.pst=>[Subject: ??Citizens Bank: security update][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Disinfection failed

E:\backup.pst=>[Subject: ??Citizens Bank: security update][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Deleted

E:\backup.pst=>[Subject: ??Citizens Bank: security update][From: Citizens Bank]=>(body)=>(Compressed Rtf)
Update failed

E:\backup.pst=>[Subject: ??Citizens Bank: Urgent Security Notification For All Clients [Sat, 30 Oct 2004 01:55:15 -0600]][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Infected with: HTML.Phishing.B

E:\backup.pst=>[Subject: ??Citizens Bank: Urgent Security Notification For All Clients [Sat, 30 Oct 2004 01:55:15 -0600]][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Disinfection failed

E:\backup.pst=>[Subject: ??Citizens Bank: Urgent Security Notification For All Clients [Sat, 30 Oct 2004 01:55:15 -0600]][From: Citizens Bank]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Deleted

E:\backup.pst=>[Subject: ??Citizens Bank: Urgent Security Notification For All Clients [Sat, 30 Oct 2004 01:55:15 -0600]][From: Citizens Bank]=>(body)=>(Compressed Rtf)
Update failed

E:\backup.pst=>[Subject: ??Re: Hi][From: Hotrod]=>price.zl6
Infected with: Worm.Generic.3187

E:\backup.pst=>[Subject: ??Re: Hi][From: Hotrod]=>price.zl6
Deleted

E:\backup.pst
Updated

E:\backup.pst=>[Subject: ??Urgent security notification][From: REGIONS BANK]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Infected with: Trojan.Spy.HTML.Bankfraud.DQ

E:\backup.pst=>[Subject: ??Urgent security notification][From: REGIONS BANK]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Disinfection failed

E:\backup.pst=>[Subject: ??Urgent security notification][From: REGIONS BANK]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
Deleted

E:\backup.pst=>[Subject: ??Urgent security notification][From: REGIONS BANK]=>(body)=>(Compressed Rtf)
Update failed


Re: Antivirus System Pro help

Post by Dr Jay on Tue Nov 03, 2009 4:00 pm

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Tue Nov 03, 2009 7:25 pm

Have I said thank you recently?! You guys are great - I'll certainly have to donate online once this is all done!

OK, Sir, here are the results from the DDS.txt file after running DDS:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Steve at 14:17:25.95 on Tue 11/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.479 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Updater.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\PGPtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Tracks Eraser Pro] c:\program files\acesoft\tracks eraser pro\te.exe min
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BTCLiveUpdate] "c:\program files\liveupdate\LiveUpdate.exe" /autostart
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "Steve"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVFX Engine] "c:\program files\creative\creative live! cam\videofx\StartFX.exe"
mRun: [iRiver Updater] \Updater.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\documents and settings\steve\start menu\programs\startup\PGPtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Pool 2 - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - [You must be registered and logged in to see this link.]
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - [You must be registered and logged in to see this link.]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2006-6-23 260072]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2006-6-23 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2006-6-23 13312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2006-6-24 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2006-6-24 26624]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-1 598856]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]

=============== Created Last 30 ================

2009-11-03 01:33:34 0 d-----w- C:\commy21264c
2009-11-02 19:38:26 0 d-----w- C:\commy17334c
2009-11-02 04:27:52 0 d-sha-r- C:\cmdcons
2009-11-02 04:24:29 98816 ----a-w- c:\windows\sed.exe
2009-11-02 04:24:29 77312 ----a-w- c:\windows\MBR.exe
2009-11-02 04:24:29 236544 ----a-w- c:\windows\PEV.exe
2009-11-02 04:24:29 161792 ----a-w- c:\windows\SWREG.exe
2009-11-02 04:21:28 0 d-----w- C:\commy
2009-11-02 01:54:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 01:53:44 0 d-----w- C:\Malwarebytes_Anti-Malware_1.41
2009-11-02 01:53:12 7171690 ----a-w- C:\Malwarebytes_Anti-Malware_1.41.zip
2009-11-02 01:42:50 0 d-----w- c:\docume~1\alluse~1\applic~1\msca
2009-10-26 06:11:52 0 d-----w- c:\docume~1\steve\applic~1\Malwarebytes
2009-10-26 06:11:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 06:11:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 06:11:44 0 d-----w- c:\program files\maw
2009-10-26 06:11:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-10-25 23:20:20 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-10-16 03:14:31 28232 ----a-w- c:\docume~1\steve\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL

============= FINISH: 14:17:53.09 ===============


Re: Antivirus System Pro help

Post by Dr Jay on Wed Nov 04, 2009 3:35 am

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please include the CKScanner and Security Check logs in your next reply. Also, please tell me how your computer is running.


Dr. Jay (DJ)



Re: Antivirus System Pro help

Post by squidboy on Wed Nov 04, 2009 3:57 am

Here's the CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

And here's the Security Check log:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Actually, the computer seems to be running pretty well. I haven't been flooded with pop-ups, able to browse various known-safe sites, able to open whatever programs I choose without being blocked. If I didn't know better, I'd say it's back to normal. And maybe it is?! I will await your opinion and reply - thanks again for your support!!!


Re: Antivirus System Pro help

Post by Dr Jay on Wed Nov 04, 2009 6:07 am

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use pieces of security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


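Added example (not part of Dr Jay's post and not code from any tool named in this thread): a small Python audit of a HOSTS file, showing how the 127.0.0.1 blocking described above works and how to spot entries that send a name somewhere other than loopback. The sample file, its `.example` host names and the function names are constructed for illustration; treating `0.0.0.0` and `::1` as blocking targets and taking the first match in file order are assumptions of this sketch.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# Blocking HOSTS file (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   banner.tracker.example  # ad servers
0.0.0.0         popups.rogue-av.example
::1             localhost
203.0.113.10    update.vendor.example   # non-loopback mapping: review this
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (entries, malformed); entries are (ip, hostname, line_no) tuples."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)            # first field is not an address
            continue
        if len(fields) < 2:
            malformed.append(line_no)            # address with no host name
            continue
        for name in fields[1:]:                  # one line may list several names
            entries.append((ip, name.lower(), line_no))
    return entries, malformed

def is_sinkhole(ip):
    """True when the address keeps traffic on the local machine."""
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Split entries into blocked names and names redirected off-box."""
    entries, malformed = parse_hosts(text)
    blocked = sorted({n for ip, n, _ in entries
                      if is_sinkhole(ip) and n != "localhost"})
    redirected = sorted({(n, str(ip)) for ip, n, _ in entries
                         if not is_sinkhole(ip)})
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}

def resolve_via_hosts(text, hostname):
    """Address the file gives for hostname, or None (lookup falls through to DNS)."""
    entries, _ = parse_hosts(text)
    for ip, name, _ in entries:                  # first match in file order
        if name == hostname.lower():
            return str(ip)
    return None

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for key, value in report.items():
        print(key, value)
```

Anything listed under `redirected` is worth checking by hand, since a blocking HOSTS file should only ever point names at the local machine.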

Re: Antivirus System Pro help

Post by squidboy on Wed Nov 04, 2009 3:25 pm

DragonMaster Jay, you are awesome! Thank you so much for your help getting me through this - I definitely couldn't have done it without you. And thanks for the final tips; I'll make sure I do everything you recommended.....and I will certainly be making a donation as a "thank you".

Thanks!

Steve
