
Rootkit.Dayoff.Process -- can't get rid of it plus other infestations

Q: Rootkit.Dayoff.Process -- can't get rid of it plus other infestations

Spybot Search and Destroy keeps detecting Rootkit.Dayoff.Process.

I ran PandaScan and it detected a ton of other stuff.

Panda scan results and HijackThis log below:


Incident Status Location



Adware:Adware/WebSearch Not disinfected C:\Program Files\Messenger\hokenov83122.dll

Adware:Adware/OuterInfo Not disinfected C:\WINDOWS\system32\dgjd.dll

Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

Virus:Trj/Passtealer.ED Disinfected Operating system

Adware:adware/statblaster Not disinfected Windows Registry

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][3].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][3].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][3].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dane\Cookies\[email protected][3].txt

Virus:Trj/Clicker.XQ Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UBD7P15\83122[1].exe[func.js]

Virus:Trj/Clicker.XQ Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UBD7P15\83122[1].exe[func.exe]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][1].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][1].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][1].txt

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Reed\Cookies\[email protected][2].txt

Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Reed\Local Settings\Temp\MBDownloader_876919.exe

Virus:Generic Malware Disinfected C:\Documents and Settings\Reed\Local Settings\Temp\WinAntiSpyware2007FreeInstall.exe

Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Reed\Local Settings\Temp\yazzlesnet.exe[?++\Yazzle1281OinAdmin.exe]

Virus:Generic Malware Disinfected C:\Program Files\WinAntiSpyware 2007\shellext.dll

Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\configs\kmhp83122.exe

Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\efcyyxx.dll

Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\mljjggf.dll

Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\ssqrsqq.dll

Virus:Generic Malware Disinfected C:\WINDOWS\system32\stera.exe

Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\vturpnk.dll

Virus:Trj/Disablekey.BF Disinfected C:\WINDOWS\Temp\ma1x1dd1v.game

Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\TISKY009.exe

Adware:Adware/DigInk Not disinfected C:\WINDOWS\uninst1014.exe

*************
*************

HijackThis log results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:08 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wethreeconrads.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25B5459B-B779-4385-92FF-276ED139074E} - C:\Program Files\Messenger\hokenov2.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efcyyxx.dll (file missing)
O2 - BHO: (no name) - {4F5CE5BE-3AF0-4D01-A960-5A4ED2D8BCAB} - C:\Program Files\Messenger\hokenov4444.dll
O2 - BHO: (no name) - {4FACF9C4-4702-6B8E-7C71-48B67E3DF097} - C:\WINDOWS\system32\dgjd.dll
O2 - BHO: (no name) - {643ADDB6-8DBE-4828-B008-159BDC5F9BDA} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: (no name) - {794D58CB-8BC5-4DE5-851E-BB74666A4A21} - C:\Program Files\Messenger\hokenov83122.dll
O2 - BHO: 0 - {95FF3F27-D506-4744-E394-CB7F7A847EF9} - C:\Program Files\Windows NT\lavuhawor24.dll (file missing)
O2 - BHO: (no name) - {9ad3ac15-02b1-4a9d-9897-64b7a3b5b0f1} - C:\WINDOWS\system32\hbafvrk.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{76-6C-C6-6E-ZN}] C:\windows\system32\oodsregj.exe SKY009
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.0\webbuying.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.0\webbuying.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121631212453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139366310171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: efcyyxx - efcyyxx.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O21 - SSODL: dDHrswJh - {B4E76C6F-1E4D-C6C5-64B9-D10EA409B909} - C:\WINDOWS\system32\pzd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 9326 bytes


A: Rootkit.Dayoff.Process -- can't get rid of it plus other infestations

Combofix log

ComboFix 07-08-04.3 - "Dane" 2007-08-05 21:14:37.1 [GMT -5:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Dane\APPLIC~1\..\err.log>>d-delA.cf
C:\DOCUME~1\Dane\APPLIC~1\.rdr.ini
C:\DOCUME~1\NETWOR~1\APPLIC~1\.rdr.ini
C:\DOCUME~1\Reed\APPLIC~1\..\err.log>>d-delA.cf
C:\DOCUME~1\Reed\APPLIC~1\.rdr.ini
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Dane\spooldr.ini
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\mcroso~1.net
C:\Program Files\mcroso~1.net\s?anregw.exe
C:\Program Files\Messenger\hokenov83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\73cc2d8129a4408175b62680\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\73cc2d8129a4408175b62680\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\73cc2d8129a4408175b62680\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\793774ca4cd8484463a7f7a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\793774ca4cd8484463a7f7a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\793774ca4cd8484463a7f7a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7b44a235c58949544b45c199\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7b44a235c58949544b45c199\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7b44a235c58949544b45c199\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7e5876eaf39d4f0703f934aa\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7e5876eaf39d4f0703f934aa\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\7e5876eaf39d4f0703f934aa\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8542e4133bf749a331e0e584\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8542e4133bf749a331e0e584\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8542e4133bf749a331e0e584\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8542e4133bf749a331e0e584\Dane
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\87198750062b48a1efe28b9d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\87198750062b48a1efe28b9d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\87198750062b48a1efe28b9d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8a296a9019f54b03dbb43f8c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8a296a9019f54b03dbb43f8c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\8a296a9019f54b03dbb43f8c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\9150cccc2cd549019c2dfc95\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\9150cccc2cd549019c2dfc95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\9150cccc2cd549019c2dfc95\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\a45422144b5d4daf9a2e42a3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\a45422144b5d4daf9a2e42a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\a45422144b5d4daf9a2e42a3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b4ea04f69675478d17e73da4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b4ea04f69675478d17e73da4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b4ea04f69675478d17e73da4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b54408d5884144a36efc1988\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b54408d5884144a36efc1988\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b54408d5884144a36efc1988\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b96c18fd5a6544d9f37b598f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b96c18fd5a6544d9f37b598f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b96c18fd5a6544d9f37b598f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\b96c18fd5a6544d9f37b598f\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bab699c538fd4c9d027be38b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bab699c538fd4c9d027be38b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bab699c538fd4c9d027be38b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bb10a4aece2348525ef8cd92\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bb10a4aece2348525ef8cd92\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bb10a4aece2348525ef8cd92\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bda2cd7627ca48a9b2d6c0a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bda2cd7627ca48a9b2d6c0a0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bda2cd7627ca48a9b2d6c0a0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bda2cd7627ca48a9b2d6c0a0\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bdc46f0a3b4a4dc22b2c8da3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bdc46f0a3b4a4dc22b2c8da3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bdc46f0a3b4a4dc22b2c8da3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\bdc46f0a3b4a4dc22b2c8da3\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c0bbdc6fd32f4633acfb008e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c0bbdc6fd32f4633acfb008e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c0bbdc6fd32f4633acfb008e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c27be891b1ac41973a89a8bc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c27be891b1ac41973a89a8bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c27be891b1ac41973a89a8bc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c5020712086145a82f0343a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c5020712086145a82f0343a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\c5020712086145a82f0343a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\cda3a3249f9840fd5da97c8e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\cda3a3249f9840fd5da97c8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\cda3a3249f9840fd5da97c8e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\cda3a3249f9840fd5da97c8e\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d0859759aafc4d23df6320a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d0859759aafc4d23df6320a0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d0859759aafc4d23df6320a0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d180615b5e5e4381c89029bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d180615b5e5e4381c89029bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\d180615b5e5e4381c89029bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\daa96d0bbf834105cbb953b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\daa96d0bbf834105cbb953b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\daa96d0bbf834105cbb953b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\daa96d0bbf834105cbb953b9\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e17315adf1414b389edb04bd\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e17315adf1414b389edb04bd\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e17315adf1414b389edb04bd\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e17315adf1414b389edb04bd\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e23666fa321245caf14850ae\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e23666fa321245caf14850ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e23666fa321245caf14850ae\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e60340c0c1ac40397cb56c9b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e60340c0c1ac40397cb56c9b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e60340c0c1ac40397cb56c9b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e937132a6af54579fd6de3b1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e937132a6af54579fd6de3b1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\e937132a6af54579fd6de3b1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f30a054ca94e4ff73dee1abf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f30a054ca94e4ff73dee1abf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f30a054ca94e4ff73dee1abf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f31b22ef936e49c85b3e088d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f31b22ef936e49c85b3e088d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f31b22ef936e49c85b3e088d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f7b6d1ce5af8425853b662a9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f7b6d1ce5af8425853b662a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\f7b6d1ce5af8425853b662a9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fb8544fafc264c043e6d28bf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fb8544fafc264c043e6d28bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fb8544fafc264c043e6d28bf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fb8544fafc264c043e6d28bf\Reed
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fea56b21dbe143b0bb2ad091\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fea56b21dbe143b0bb2ad091\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\0f6c4b9519a644943fd98988\a9478aa657084272d85a2a97\fea56b21dbe143b0bb2ad091\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\00632493f6904ac7f0b935a9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\00632493f6904ac7f0b935a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\00632493f6904ac7f0b935a9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\017246851b3847eef91488b5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\017246851b3847eef91488b5\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\019e163a3f9a4f0e4aec36a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\019e163a3f9a4f0e4aec36a7\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\079d035592f14057731e6db3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\079d035592f14057731e6db3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\0f166f8ca0094c86779da2bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\0f166f8ca0094c86779da2bb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\136c81f7f4ab47f23890949b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\136c81f7f4ab47f23890949b\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\13e699a9d6754619c6307089\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\13e699a9d6754619c6307089\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\14539071c8ff46ac7d7da7b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\14539071c8ff46ac7d7da7b9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\1b41d8b7b875469c0bc92a82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\1b41d8b7b875469c0bc92a82\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\1c5d202d39544e3d375611a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\1c5d202d39544e3d375611a1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\25d3fb65c3c545f840cbbcbe\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\25d3fb65c3c545f840cbbcbe\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\2c06f06a596c4ab6f6c9d1b4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\2c06f06a596c4ab6f6c9d1b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\2c06f06a596c4ab6f6c9d1b4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\2d5352507724449173350dbf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\2d5352507724449173350dbf\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\3ad912f992b94383d48e4c8b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\3ad912f992b94383d48e4c8b\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\3bb753afe4644e5c756287b0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\3bb753afe4644e5c756287b0\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\41a4e7a5b514420e00a3adb1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\41a4e7a5b514420e00a3adb1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\41b607070a9546aece466b8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\41b607070a9546aece466b8e\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4928a7e4a20241fd38f6cfb9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4928a7e4a20241fd38f6cfb9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4e4118db024a4f582ea2acad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4e4118db024a4f582ea2acad\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4f4e98e2dd41471b4ba63495\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\4f4e98e2dd41471b4ba63495\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\5316fa3100774ceae28ba1be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\5316fa3100774ceae28ba1be\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\5ed6a075c68c47cdca060bad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\5ed6a075c68c47cdca060bad\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\60cc25377bc143266fa6e394\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\60cc25377bc143266fa6e394\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\62047a273d7e481f6ce5409a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\62047a273d7e481f6ce5409a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\6ec6d9c7364b492903a0f5af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\6ec6d9c7364b492903a0f5af\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\7a8af0ea28534dbaccf31489\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\7a8af0ea28534dbaccf31489\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8bf3aebada784250108419ab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8bf3aebada784250108419ab\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8cb9d2fa691942e5647403b3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8cb9d2fa691942e5647403b3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8f19ad64521a4095f07fa780\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\8f19ad64521a4095f07fa780\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\92bd4e3357ba4e257d906b92\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\92bd4e3357ba4e257d906b92\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\94fcca2aad614a80e5cc1ab4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\94fcca2aad614a80e5cc1ab4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9658a90ea65046710f86f5bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9658a90ea65046710f86f5bf\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\97a12d59e8704752d6724494\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\97a12d59e8704752d6724494\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9b06846840cb426888a753a6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9b06846840cb426888a753a6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9e2dbc1097d6443f25822f82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\9e2dbc1097d6443f25822f82\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a14d045c7ffa48229e59d482\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a14d045c7ffa48229e59d482\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a2cffa17167540c48f9d518c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a2cffa17167540c48f9d518c\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a36c3a80300341220f6708ba\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\a36c3a80300341220f6708ba\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\ad4c359dd69b44ee1b0b9692\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\ad4c359dd69b44ee1b0b9692\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b041435ec0c6478f1814a68a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b041435ec0c6478f1814a68a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b1626fb7a08846ae77a606b3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b1626fb7a08846ae77a606b3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b3fb57ae3dc440a6b05e079f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b3fb57ae3dc440a6b05e079f\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b9a95519060043baa3f2aaa0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\b9a95519060043baa3f2aaa0\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\c54a938e4fdf4371b482a7aa\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\c54a938e4fdf4371b482a7aa\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\cac85d8f94eb4e00b6406e8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\cac85d8f94eb4e00b6406e8e\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\d4172bf3bbc74f8135424a80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\d4172bf3bbc74f8135424a80\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\d9eee89a454c44e9e07ca3a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\d9eee89a454c44e9e07ca3a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\d9eee89a454c44e9e07ca3a4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\da55059766a043b64697c2b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\da55059766a043b64697c2b4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\da7b9797424b45abcb2f3d97\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\da7b9797424b45abcb2f3d97\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\ff2250fe8a9d46b4a5914785\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\5e817fc151bf4e4dba6a74a3\ff2250fe8a9d46b4a5914785\#startup
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\settings.ini
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.xml
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\spooldr.exe
C:\WINDOWS\system32\22565717141.dll
C:\WINDOWS\system32\2302554641.dll
C:\WINDOWS\system32\2302737541.dll
C:\WINDOWS\system32\2345782841.dll
C:\WINDOWS\system32\2345785941.dll
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\hjld.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\nso12k.sys
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\LEGACY_ICF
-------\LEGACY_NET_AGENT
-------\Driver
-------\ICF
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-05 21:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 20:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-05 19:58 <DIR> d-------- C:\Deckard
2007-08-05 19:54 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-05 19:54 <DIR> d-------- C:\ie-spyad
2007-08-05 19:47 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-05 19:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-05 18:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-04 22:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-04 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-04 22:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-04 18:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 17:56 <DIR> d-------- C:\Program Files\bgjalats
2007-08-04 17:55 171,520 --a------ C:\WINDOWS\system32\hbafvrk.dll
2007-08-04 17:54 <DIR> d-------- C:\WINDOWS\system32\IMES
2007-08-04 17:54 <DIR> d-------- C:\Temp\1bc
2007-08-04 17:49 <DIR> d-------- C:\Program Files\iTunes
2007-08-04 17:49 <DIR> d-------- C:\Program Files\iPod
2007-08-04 17:44 6,467 ---hs---- C:\WINDOWS\system32\ijllm.bak1
2007-08-04 17:39 60,928 --a------ C:\WINDOWS\system32\dgjd.dll
2007-08-04 17:39 169,147 --a------ C:\WINDOWS\TTC-4444.exe
2007-08-04 17:38 <DIR> d-------- C:\WINDOWS\system32\f02WtR
2007-08-04 17:38 <DIR> d-------- C:\WINDOWS\system32\configs
2007-08-04 17:38 <DIR> d-------- C:\Temp\fse
2007-08-04 17:38 <DIR> d-------- C:\Temp\1cb
2007-08-04 17:38 <DIR> d-------- C:\Temp
2007-08-04 17:38 <DIR> d-------- C:\DOCUME~1\Reed\APPLIC~1\??crosoft.NET
2007-07-20 22:26 <DIR> d-------- C:\Program Files\Windows SteadyState
2007-07-20 21:24 <DIR> d-------- C:\DOCUME~1\Reed\APPLIC~1\Apple Computer
2007-07-20 21:21 <DIR> d-------- C:\DOCUME~1\Dane\APPLIC~1\Apple Computer
2007-07-20 21:19 <DIR> d-------- C:\Program Files\QuickTime
2007-07-20 21:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-20 21:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-20 21:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-20 21:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-13 17:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 21:17 --------- d-------- C:\Program Files\Messenger
2007-08-05 19:21 --------- d-------- C:\Program Files\Digital Line Detect
2007-08-05 18:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-04 20:40 375296 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-04 20:40 375296 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2007-08-04 20:37 --------- d-------- C:\Program Files\Windows NT
2007-08-04 17:56 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-08-04 17:56 14336 --a------ C:\WINDOWS\system32\dllcache\svchost.exe
2007-06-25 08:53 53248 --a------ C:\WINDOWS\uninst1014.exe
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

C:\WINDOWS\system32\drivers\tcpip.sys ... is infected !! (additional data below)
359,936 2005-05-25 19:07:12 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
360,448 2006-01-13 17:07:08 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
359,040 2004-08-04 10:00:00 C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
359,808 2005-05-25 19:04:02 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
359,808 2006-01-13 02:28:14 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
375,296 2007-08-05 01:40:36 C:\WINDOWS\system32\dllcache\tcpip.sys
375,296 2007-08-05 01:40:39 C:\WINDOWS\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25B5459B-B779-4385-92FF-276ED139074E}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Messenger\hokenov2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F5CE5BE-3AF0-4D01-A960-5A4ED2D8BCAB}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Messenger\hokenov4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FACF9C4-4702-6B8E-7C71-48B67E3DF097}]
2007-08-01 08:43 60928 --a------ C:\WINDOWS\system32\dgjd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{643ADDB6-8DBE-4828-B008-159BDC5F9BDA}]
C:\WINDOWS\system32\mllji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95FF3F27-D506-4744-E394-CB7F7A847EF9}]
C:\Program Files\Windows NT\lavuhawor24.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ad3ac15-02b1-4a9d-9897-64b7a3b5b0f1}]
2007-08-04 17:55 171520 --a------ C:\WINDOWS\system32\hbafvrk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 23:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 22:59]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 10:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 00:35]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 13:58]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 14:34]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-14 19:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"{76-6C-C6-6E-ZN}"="C:\windows\system32\oodsregj.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"g4356cbvy63"="C:\WINDOWS\g4356cbvy63" []
"csrss"="C:\WINDOWS\csrss.exe" []
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"WinCore32.exe"="C:\WINDOWS\system32\WinCore32.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-04 19:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-14 19:10:33]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dDHrswJh"= {B4E76C6F-1E4D-C6C5-64B9-D10EA409B909} - C:\WINDOWS\system32\pzd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
LogonDll.dll 2003-05-16 12:25 49152 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyxx]
efcyyxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji]
C:\WINDOWS\system32\mllji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
winghy32.dll

R0 DepFrzHi;DepFrzHi;C:\WINDOWS\system32\drivers\DepFrzHi.sys
R0 DepFrzLo;DepFrzLo;C:\WINDOWS\system32\drivers\DepFrzLo.sys
R0 ThwSpace;ThwSpace;C:\WINDOWS\system32\drivers\ThwSpace.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 DFServEx;DFServEx;C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
R3 E100B;Intel(R) PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-04 22:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 21:20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550u]


Completion time: 2007-08-05 21:22:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 21:22

--- E O F ---

RELEVANCY SCORE 94.8

Hello,

First hello to all members and a great thanks in advance to everyone helping us on such bugs...


I've discovered yesterday after a Spybot scan that I had a rootkit.dayoff.process. Tried to get rid of it using Spybot but it keeps on coming back.


So after I tried reading everything, updated my XP, checked the Add / Remove Programs for unwanted software, downloaded DSS and HiJackThis and applied Spyware blaster and scanned with Panda ActiveScan.
Here are my logs.


*************
SpyBot
*************

--- Report generated: 2007-08-03 10:48 ---

Rootkit.Dayoff.Process: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\asc3550u

Rootkit.Dayoff.Process: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\asc3550u


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31...

A:Rootkit.dayoff.process

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Do you use a program called Child Control?

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Disconnect from the internet....pull the plug!
Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
Open Windows Defender.
Click on Tools>Options.
Scroll down and uncheck "Use real-time protection (recommended)".
After you uncheck this, click on the Save button and close Windows Defender.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
D...

RELEVANCY SCORE 94.8

Spybot Search and destroy found this spyware but cannot delete it. I don't know if this spyware has anything to do with the problems I'm having with my computer now. One problem is that my PC is running really slow and the other problem is in IE7 or in the MSN Premium browser some images containing ads show as a solid red color. The problem goes away when I shut down my anti-virus software (Sympatico Security Manager) and refresh the web page. The problem also shows up on potential ads in both Yahoo and MSN Messengers. I contacted Sympatico and the only solution they came up was to uninstall and re-install the Security Manager. This was done to no avail. Hopefully this spyware is the one causing the problems.

I've completed the 5 Steps before posting a log and here are the results:

Deckard's System Scanner v20070804.61
Run by Owner on 2007-08-06 at 19:53:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2007-08-06 23:53:45 UTC - RP203 - Deckard's System Scanner Restore Point
55: 2007-08-06 18:29:55 UTC - RP202 - Spybot-S&D Spyware removal
54: 2007-08-06 04:48:13 UTC - RP201 - Spybot-S&D Spyware removal
53: 2007-08-05 07:32:34 UTC - RP200 - Made by Registry Mechanic
52: 2...

A:Rootkit.Dayoff.Process

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 94.8

I continually get this showing up when I do a spybot S&D scan. I was told to do a free online Panda Scan and attach the logfile. Here it is ... followed by a hijackthis log. Any help would be appreciated. Thanx...

Panda.......

Scan is attached (too long for forum)...
----------------------------------------------------------------------
HIJACKTHIS .....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:47:12 AM, on 7/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HJT\HJT.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB...

A:Rootkit.Dayoff.Process

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Disconnect from the internet....pull the plug!
Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------
Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and ...

RELEVANCY SCORE 94.8

I have read other threads regarding this dilemma. On my machine, I am not seeing any noticeable operation problems, only the existence of the rootkit in SpyBot's report. I am wondering if using Combofix is the accepted way of treating this ailment, or, do you need the information from HiJackThis first.

Thanks in advance

A:rootkit.dayoff.process

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 93.6

Hello.

I will try to describe my problem. My English is not so good.

1. My computer is slow.
2. I have no more access to my C and D driver on my "Poste de travail" (workpost ?)
3. Spybot always finds Rootkit.Dayoff.Process on its search but it always reappears. Seems that I cannot get rid of it.

Can you help me?

Here's what you asked for :


Deckard's System Scanner v20070819.64
Run by beg on 2007-08-20 18:56:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
95: 2007-08-20 22:56:48 UTC - RP482 - Deckard's System Scanner Restore Point
94: 2007-08-20 22:46:35 UTC - RP481 - Spyware Doctor: Cleaning Threats
93: 2007-08-20 22:44:59 UTC - RP480 - Spybot-S&D Spyware removal
92: 2007-08-20 22:03:37 UTC - RP479 - Spyware Doctor: Cleaning Threats
91: 2007-08-20 12:56:34 UTC - RP478 - Point de vérification système


-- First Restore Point --
1: 2007-07-07 05:09:21 UTC - RP388 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-20 1941
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explor...

RELEVANCY SCORE 92.8

I have been experiencing random browser redirects from sites I have bookmarked or sites that have been directly linked to a variety of sites, such as sedoparking.com, as.caselmedia.com, webfile.com, and a few random others. I ran adaware, ewido, and spybot scans. All are clean, except spybot, which found the rootkit.dayoff.process. Spybot was unable to clean this up after the initial scan or after a restart scan.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-01 13:05:13
PROTECTIONS: 2
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ThreatFire 3.5.0.21 Yes Yes
avast! antivirus 4.8.1201 [VPS 080531-1] 4.8.1201 No Yes
;==========================================================================================================================================================================...

A:Rootkit.dayoff.process and Browser Redirect

b u m p

RELEVANCY SCORE 92.8

I ran a standard Spybot SD scan and came up with a Rootkit.Dayoff.Process spyware application that cannot be quarantined or removed due to use of memory. I tried other spyware detectors and many came up with the same error while others couldn't even find it. I have noticed my computer running a little slower, but otherwise there are no effects.

Here is my activescan:


Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Bubbles\Cookies\[email protected][1].txt
Adware:Adware/NavHelper Not disinfected C:\Documents and Settings\Bubbles\My Documents\Stuff which does Stuff\areslite181.exe
Spyware:Cookie/...

A:Unable to Quarantine - Rootkit.Dayoff.Process

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 91.6

I've been having problems with my XP machine since Thursday. It started with Brave Sentry and WinAntiSpyware. I've run Ad-aware and Spybot (several times). I've run McAfee Stinger, and AVG AntiRootkit and AVG Anti Spyware. Temp files were cleaned. McAfee is running in the background. Now after I log into a Users XP account, one or two items start loading from the startup and then the computer screen turns black and I hear no sound. I have to hold the start button down to shut down. Now I'm running Safe mode. Last problems cleaned were "Rootkit.dayoff.process" and "drive cleaner 2006" and "virtumonde"

If you could help, I'd appreciate it.

Here's the latest log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:14 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16441)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAf...

A:Bravesentry And Winantispy With Virtumonde And "rootkit.dayoff.process"

Welcome to the BleepingComputer HijackThis Logs and Analysis forum spireview

My name is Richie and I'll be helping you to fix your problems.

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
ICF
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button. Then change the 'Startup Type:' to 'Disabled'. Now press Apply and then Ok and close any open windows.

First make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Find and delete if present:
C:\WINDOWS\system32\lavagopf.dll
c:\windows\system32\ldcore.dll
C:\WINDOWS\poolsv.exe
C:\Program Files\Outerinfo

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are c...

RELEVANCY SCORE 48

My husband let his virus scan run out and his computer was a mess by the time I found out about the problem. Please let me know if I caught everything or if there are programs I need to uninstall.

Thanks
Meg

Logfile of HijackThis v1.99.1
Scan saved at 1:22:33 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Photo Viewer\album.exe
C:\Program Files\Java\jre1.5.0_0...

A:Many Infestations

Welcome to the BleepingComputer HijackThis forum Mantczak

There are still many problems present, let's make a start.

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*****************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click &...

RELEVANCY SCORE 47.6

that dumb party poker icon on my desktop keeps coming back, I'm getting pop ups when IE isn't even open, and there's this 'bullseye' thing that makes pop ups about whatever topic I am searching on google. also I noticed that there were 2 svchost.exe running.. one of them was eating up a ton of memory. I already ran trend micro house call, adaware and spybot search and destroy.

Logfile of HijackThis v1.99.1
Scan saved at 4:19:29 PM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Pag...

A:several infestations.... hijackthis log

Hello scubadan and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nemlgij] C:\WINDOWS\System32\nemlgij.exe
O15 - Trusted Zone: http://www.neededware.com

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protecte...

RELEVANCY SCORE 47.6

Hi,

I just inherited this PC from my husband (mine died). After running ActiveScan, I found out it has virus and adware infestations. Please help.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-15 13:23:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-15 13:24:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:...

A:Malware infestations

www.avast.com
free antivirus with boot sect scan. for free it's the best help I found

RELEVANCY SCORE 46.8

Hello

I had outer info installed on my system and followed advice that I found in other threads to take care of the issue. I'd really appreciate it if someone could confirm that what I did worked and tell me if they see anything else that I'm infected with.

Here is what I did. I originally had AVG free edition, and AVG spyware running on my system. I also ran Crap Cleaner before any of this. Following previously posted advice I ran the OIuninstaller and then Highjackthis. I'll post logs for everything I did at the end. I then ran combofix followed by ATF cleaner. I then ran SuperAntiSpyware. I then disabled system restore, rebooted, and created a new restore point. Finally I ran Highjackthis once more.

Does it look like I took care of Outerinfo? Does it look like there is anything else left over? Any suggestions on things I really should get rid of for optimization are welcome.

All help is really appreciated!
LANCE
HIGHJACKTHIS LOG FILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:04 AM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Devic...

RELEVANCY SCORE 46.8

Hi

As mentioned in the Topic heading I have been having trouble with a lot of infestations and despite running Spyware Doctor, Windows Defender and Adaware I had been unable to resolve the problems. Having followed all the steps outlined on your website I haven't seen much sign of the malware although there are still 3 icons on my desktop that I am suspicious of: Ad-Watch 2007; Live safety Center; and Online Security Guide.

Additionally I am unable to install Windows Updates from the Microsoft website despite the successful downloading of the 81 files identified. I have attempted this several times and have even tried renaming the Software Distribution folder in order to force my computer to download fresh updates.

This problem has been occurring since I performed an install repair which I undertook out of desperation and several weeks of trying to resolve my original issue which was Windows' inability to use WDM audio drivers. I have tried every proposed solution I have been able to find on the internet for this problem but all to no avail! ASIO drivers work fine so programmes like Cubase are ok but many other audio devices remain inoperable.

Sorry this has turned out to be rather a complicated request for help but anything you can suggest will be most gratefully received.

Thanks very much in anticipation of your assistance.

Simon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:07, on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (...

A:Various Infestations Including 'securityonpage'

Welcome to the BleepingComputer HijackThis Logs and Analysis forum samuelah

My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

*NOTE*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

I now need you to do the following if you will:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to: C:\Program Files\System-A\ie-improver.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here: http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to: C:\Program Files\System-A\ie-improver.dll
Then click on 'Send Fi... Read more


Hi Folks,

For a few days now I have been diligently battling Look2me malware. I have followed many of the pinned topics and bleepingcomputer-posted responses to users in this forum and I am not yet rid of this infection. I am having repeat reinfestations on reboot, with or without network connection and in and out of Safe Mode; though the latter may be due in part to my varied scanning sequences. I have slow system response and multiple pop-ups. I am confident winlogon is the root of this particular evil; the referenced filename frequently changes on boot, and now there are multiple instances in HTJ boot logs.

This is my first time posting at any PC support forum, so please bear with me if I have overlooked some essential detail.

I have used the following utilities per various pinned topics / responses with no resolution as of yet.

Cleanit (fantastic little utility by the way - glad to have discovered it here, thanks)
Hijackthis
Ad-Ware
Ewido Security Suite (repeatedly detects spyware.Look2me infection / detects 2-4 hits now on normal logon)
FxSpL2Me.exe (found nothing)
Kill2me.exe (found nothing in safe mode. Also ran in normal mode allowing the look2me to remain resident on detection by ewido; it remained undetected by kill2me)
NoAdware
SpySweeper
Spybot
Killbox (utility unsuccessful in deleting the ever-changing dll files resident in C:\Windows\system32)
Smitfraud.reg / smitrem.exe (restored my hijacked desktop and related system settings)
AproposFix.e... Read more

A:Repeated Look2me Infestations

Hi GEM and Welcome to the Bleeping Computer! I do like your attitude!

Please Download the l2mfix from
http://www.atribune.org/downloads/l2mfix.exe
or
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!


Hi, I found this forum through a google search on information about how to get rid of Outerinfo. I'm mostly experiencing pop ups based off of products related to sites I visit or terms I search for. Even though I use Firefox, most of the pop ups originate in Microsoft IE and are almost always titled "Advertisement from Outerinfo" (with a rare ad-tab appearing in Firefox). I've also noticed that along with my flash and java blocking extensions for Firefox is an Outinfo extension that won't let me uninstall it (it's currently disabled, though I know that likely makes no difference anyway). Occasionally an ad will pop up that doesn't have Outerinfo in its banner which leads me to think there might be malware other than Outerinfo infesting this laptop at the moment.

The only other suspicious activity I can recall taking place on this machine is SpywareGuard catching a few BHOs being written into the registry after start up. Most will stop if I choose to block them but one in particular will continuously attempt to write every time I try to block it. It's named nnilg.dll or something similar and it won't stop until I basically roll over and let it write to the registry. Hopefully this information is helpful enough to solve the problem.

The following is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 1:42:52 AM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.1660... Read more

A:Solved: Outerinfo & possible other infestations


Please assist me. I have one very very sick machine on my hand. I must have other virus/trojans on board as well. I have AVAST (installed after the infestation) as well as SPYBOT now and AD-Adware now. I had ESET running but that is a useless piece of u know what. I believe someone's thumbnail drive might have caused the infestation in the first place but I am not exactly sure. I can barely connect to the internet - FIREFOX just died and I need to use a proxy to make IE work, meaning I can't use a direct connection. So my networking files have been hit too. AVAST keeps barking at me every time I try to use explorer and browse a website - it tries to install the IFRAME virus. When I start up an internet connection (using wireless now) it tries to reach a malicious site. (again AVAST barks that out to me) I am using a clean thumbnail drive and another clean computer to use this forum and upload logs etc...... (by the way - I'm in Asia right now so about 12 hours time difference from East coast USA)

additional info: it wants to add a global variable rundll process on msgxkyxg.dll which is hiding in system32 - this dll looks benign to adware and my antivirus but it was also somehow hooked to a program HPRBLOG or something like that so I deleted that .exe (killed it with unlocker - then deleted it)

Also deleted the msgxkyxg.dll but something tells me they will be back on next reboot

I could not successfully run the DDS.scr - kept complaining about a missing "... Read more

A:Help- Have Iframe-inf & multiple infestations

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more


Thanks, first of all, for reading this post. I have been working on this computer for the past week trying to rid it of all the infestations that have been downloaded onto it. I have found practically any and every virus known to man. Apparently, my brother isn't as internet savvy as I assumed he was! In any case, I think that I have broken down the mass majority of the problems; however, I know that a few problems still exist.

Every time that I boot up the computer, my (now) installed Webroot SpySweeper keeps detecting an outgoing page to hxxp://81.29.248.59. I have been unsuccessful in tracking down the culprit in the system. Here is a (short) list of the enemies that I have found and defeated on this machine:

- virus: trj/downloader.mdw
- app/nircmd.a
- adware_memwatcher (I believe this is Spybot...not spyware)
- detected tspy_small (cannot defeat)
- detected tspy_mosucker (cannot defeat)
- 127.0.0.1 outgoing page
- zlob downloader

I am running the following software: Iolo System Mech 7 Pro, Iolo Personal Firewall, Webroot SpySweeper, Avast! 4 Home Edition, Spybot Search & Destroy.

I've tried every online virus scanner that I could find to clear this mess up!!! Please help!!!! Email me at *** Thanks!

---------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:14 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2... Read more

A:Hell In A Box...can't Defeat All Infestations!

To whomever can help with this topic, I just found another infestation named "trojan-ace-x" on this machine as well. I REALLY could use some help here!


O.S. XP Home. Have this TROJAN.ROOTKIT/GEN.PROCESS virus. Any ideas how to remove this one? Thanks. See attached HJT Log.
 

A:Trojan.rootkit/gen.process


I had Avast warn me 2 times that I had a Rootkit Hidden Process.
c:\\Windows\system32\drivers\ATWPKT2.SYS

I tried to follow the 5 steps, but I ran into a problem.

First, I didn't scan with Panda because yesterday I scanned with Avast. It took over 2 hours, so I didn't do it again with Panda.

Then, on Step 5, after trying to run the DSS, I got the BSOD 2x while it was trying to create a restore point.

My system restore is inoperable with this virus I have. I tried to go back first, twice, both couldn't be done.

Since DSS didn't work, I downloaded the current HJT program and ran that. My log is posted below.

I am using XP Pro, with a SP2. I had no problems ever with my computer, but my father was using my computer last week and probably clicked on something he shouldn't have.

Thanks for understanding about the steps in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:49 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\... Read more


brave sentry popped up on my computer one night
I searched a bunch of places and no 2 places had the same
recommended fix
what do you suggest
I can boot and run programs in safe mode
but the computer goes to clear memory and reboot
before I can do anything in normal mode.
Your anticipated help is appreciated.

bump from page 5 to page1
 

A:Solved: brave sentry and possible other infestations


According to Emsisoft Anti-Malware I have Rootkit.Boot.Pihar!E2. I discovered this rootkit with the Emsisoft scan after Combofix removed some bad stuff and achieved what appear to be clean scans. Please help with removal advice on the rootkit. Combofix logs since last fall are attached in case that helps.

The other problems I've noticed and would like to solve are:

1. Windows Installer will not work properly (error message that another installation needs to finish first). I removed AVG Antivirus 2012 so Combofix would run smoothly but cannot reinstall it now. I'm using the system as little as possible now until this is solved.
2. There are a large number of processes running in Task Manager when I'm not really doing anything and have no programs open. This seems to be slowing down the system a huge amount and it's hard to get anything done now especially as items replicate. It looks like one or more running processes are interfering with Windows Installer. I'd like to get rid of everything that's not essential if you can tell me what to do. Here's a list of running processes from Task Manager:

FP_AX_CAB_INSTALLER64.exe (multiple entries, keeps replicating, suspected Malware)
InstallFlashPlayer.exe (multiple entries, keeps replicating, suspected Malware)
svchost.exe (multiple entries, keeps replicating but seems legitimate)
msiexec.exe (multiple entries)
explorer.exe (I don't use Internet Explorer and have seen error/crash message... Read more

A:Rootkit and Task Mgr Process Issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Hi! I downloaded the MBR rootkit detector from Gmer.net and ran it. It said that I possibly have some rootkit in the MBR. I tried to run Gmer but it hangs, in Safe Mode too. Is it possible to detect this kind of threat (rootkit or mbr-malware) using some kind of program that lists running processes, like Process Hacker or Process Explorer? Or is it completely hidden in my system? Because I don't know any other good rootkit detector than Gmer and I want to know for sure that nothing is running on my system that I don't know about.

A:Possible to detect rootkit with Process Explorer?

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

NOTE:

If you still have trouble running GMER, just check the box beside the "sections" and C:\ drive, ... Read more


Hey Guys, (And Girls)
I'm back after a long absence,
I was wondering if any of you were able to analyse my HJT log and tell me how to get rid of this trojan.
I ran Scans from my Norton Antivirus (Provided as a package from BT Yahoo! Broadband),
NOD32, Spyware Search And Destroy as well as A-Squared Security, all in safe mode. I also ran VundoFix in and out of safe mode. (Thought to just try it) (I also only ran one at a time, so there shouldn't be any conflict issues since I made sure only the processes belonging to the security software I was using was running, so there shouldn't be any conflict issues.)

But not one of these found a trojan. I tried finding the file, it was originally in my temp folder (e.g. <Name>\Temp or wherever it is stored), which I have since tried to clean out, and then another time my Norton picked it up in my Windows\Temp folder.
Norton tells me it cannot delete or quarantine the file, so it denies access to it.

Here is my HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:42:23, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:... Read more

A:Solved: Trojan.Dropper Infestations (HJT Log Included)


After visiting an infected website, over 1000 .EXE files had been altered (but their dates were not changed). Multiple virii, rootkits and the like were showing up. I pulled the HD and booted an older one to diagnose it. I deleted all files created at the time I went to the website. I then ran the antivirus, but was unable to clean the files and so I had to replace them almost one at a time! For the files I did not have, I just had to reinstall the apps and hope for the best. I was also able to load the infected registry into Regedit and pull out some of the more obvious changes. After doing what I could, I pulled out the backup drive and booted the system. I then spent the next couple of days going over everything I could think of, deleting suspicious-looking files and scanning and rescanning for virii, spyware, and rootkits.

Just when I thought I might have gotten it all, I noticed something very strange. ZoneAlarm would have entries in its program list for EVERY app I launched, even the command window and Notepad! But it never reported accesses to the internet. After several hours of searching, I found Jestertb.dll in the Windows directory and removed it. I also tried uninstalling ZoneAlarm and then manually going through both the registry and HD, deleting all of the leftover pieces. I then reinstalled it, and for at least a few hours, it appeared to fix the problem, but it soon returned, adding programs like Notepad and task manager to the program list. One thing... Read more

A:Rootkit - Zonealarm being tweaked by rogue process

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean Reinstall or Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Tell me what you decide to do.

With Regards,
Extremeboy


Upon startup I get a popup stating detected Riskware: Hidden Object Running process (PID: 1004) C:\windows\system32\koos.exe

What do I need to do to get rid of this?
 

A:Rootkit help. Showing Koos.exe hidden process

hi, welcome to TSG.

Download hijack this from the link below. Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.

Download the pocket killbox

http://www.majorgeeks.com/Pocket_KillBox_d4709.html


Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.


* Click here to download ATF Cleaner by Atribune ... Read more


hi

here I am suffering from a huge problem with rootkit, dialer, win32 confi., without knowing and lack of knowledge I have deleted the rootkit and moved all to chest so please help me


DDS (Ver_09-07-30.01) - FAT32x86
Run by Administrator at 13:37:45.20 on Wed 08/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1534 [GMT 5.5:30]

AV: avast! antivirus 4.8.1335 [VPS 090804-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Pr... Read more

A:rootkit hidden process and win32 dialer

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I had Avast warn me 4 times that I had a Rootkit Hidden Process.
c:\\Windows\system32\drivers\ATWPKT2.SYS and another one too.

I did post yesterday morning on Tech Support Forum, but had no response, so I am posting here as well.

I tried to follow the 5 steps, but I ran into a problem.

First, I didn't scan with Panda because yesterday I scanned with Avast and today I had to do it again. It took over 1 1/4 hours, so I didn't do it again with Panda.

Then, on Step 5, after trying to run the DSS, I got the BSOD 2x while it was trying to create a restore point.

Since DSS didn't work, I downloaded the current HJT program and ran that. My log is posted below.

I am using XP Pro, with a SP2. I had no problems ever with my computer, but this week I tried to upload onto YouTube, and then I had this problem. I won't do that again..

Thanks for understanding about the steps in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:49 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Progr... Read more


I recently got the iexplore.exe process virus and can't find a way to fix it yet so if anyone could take a look at what I have and give some feedback I would really appreciate it.

DDS (Ver_09-09-29.01) - NTFSx86
Run by pedrO at 2:21:42.90 on Wed 10/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1304 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msrstart.exe
C:\Program Files\Olczqjyvmja\etqhe.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olczqjyvmja\etqhe.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysq... Read more

A:Infected with iexplore.exe process virus and some type of rootkit

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


Ok here is the situation. I got infected with flystudio plus a couple of generic worms on either a driveby exploit from a website or from Freemake Video Downloader, the only two things I've done lately. I ran Malwarebytes right away and it rebooted and removed them. After that removal process I started scanning with various rootkit detectors to make sure there wasn't something nastier dropped into my system. Nothing was found by a whole host of programs I tried, except for adwcleaner, JRT, aswMBR, combofix, and GMER. Ran sfc scannow in safe mode, because it wouldn't run in WinRE for some reason, and it healed a few files, or so it said. Logs revealed that it healed netbios.sys. Anyways, aswMBR detected some hooks which wouldn't go away, and GMER listed even more, a bunch of IRP hooks on atapi.sys. Even after running all the other tools, GMER continued to detect a hidden process and a couple of devices as possible rootkit, namely wdf01000.sys and kbdclass, which combofix did not touch. Well I took care of the wdf01000 and kbdclass, I replaced them with original versions off of the install CD using DOS in WinRE. Now those don't show up anymore in the GMER scan, but the Trace IO hooks continued to show up and that hidden process. There was no option to restore code, and no services or files to disable or delete. I could kill the process, and it did not impact my system negatively at all. At this point I came to find the bleeping computer forum, ran defogger, and most of the lis... Read more

A:Flystudio + possible unknown rootkit variant - hidden process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/498308 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 17 answers
RELEVANCY SCORE 44.8

Hello, I'm a first-time poster with a possible trojan or rootkit. This is in regard to a Dell Vostro laptop running Windows XP Home SP2. I have two accounts on this computer - one with Admin privileges, one with almost no privileges.

My problem is that iexplore.exe is running (seen in TaskManager/Processes), though no window is open. When I end the process, it starts right up again.

This process will pop up Internet Explorer errors (the kind that report to Microsoft) every few minutes or so when I'm logged in as the limited privileges account. I've also seen blue-screen errors like "irq less than equal" with this account. (Sorry for the lack of detail, it's been a few days since I've seen one, and I figured it was Dell's fault, not malware, so I didn't log it).

Upon startup of the machine, ZoneAlarm will stop a request from iexplore.exe to an IP address, e.g. 153.245.227.90:HTTPS. It seems to be a different IP each time I start up.

When I scan my C: drive (my only drive) with Norton Antivirus (updated March 27, 2009), it gets into C:/Documents and Settings.../<several folders that have to do with IE> and stops, even though it hasn't gone through most of my files. It usually finishes in about 3 minutes or 7000 - way too fast, and not even close to all my files.

Here's what I've done so far. I've scanned with Malwarebytes' Anti-Malware, SuperAntiSpyware, Spybot Search & Destroy, and fixed ... Read more

A:Possible trojan or rootkit - iexplore.exe running in background, opens after End Process

Please post the results of your MBAM scan (and the malware it removed) for review.
To retrieve the MBAM scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Read other 10 answers
RELEVANCY SCORE 44.8

I first noticed the effects of the malware 2 days ago -- manifested itself as redirection of internet links while browsing and frequent crashing of the WinXP skin over the taskbar/start menu. Upon startup I now receive the message "Generic Host Process for Win32 Services encountered a problem and needs to close"; it indicates that the error is connected to svchost.exe

The malware blocks running of Spybot and MBAM; Sophos does not detect anything. Yesterday I realized that I could get to MBAM by renaming the exe (this does not help with Spybot, unfortunately) -- found and 'fixed' six items, three Rootkits and three DNS redirectors. After a restart to complete removal of the rootkits, problems persisted. Furthermore, MBAM now sometimes crashes shortly after execution; the app name shown in the title bar is now a string of 7 numbers that is different each time you run MBAM.

Realized yesterday that this is beyond my knowledge and decided to get help here. The Attach.txt log from DDS is below; malware appears to cause GMER to crash upon execution.

System details:
Dell laptop
WinXP Home edition, SP3
Normally running resident Spybot and Sophos with weekly manual MBAM checks.
Broadband internet connection (which I do know know how to firewall).

When someone has time to field my query, I would appreciate any help that you might be able to lend. I know that I am a new user and that other people have been waiting. Thanks!

A:Infected with "Generic host process" rootkit/DNS redirector malware

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.
We need to create an OTL report,
Please downloa... Read more

Read other 14 answers
RELEVANCY SCORE 42.8

I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

A:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 3 answers
RELEVANCY SCORE 40.8

I've been working on this for a while now with the help of someone using this web site. 
Symptoms: 
Fake Processes (Windows Process Manager) and usually about 10-15 of the same processes run concurrently. 
Folders are: 1. avkxeln 2. igfxmtx 3. sccuaml. ALL Windows 10 tools that would usually help are not able to run. (Recovery, Restore, Safe Mode, Defender, Malwarebytes real-time coverage, etc.)
 
 
I found a thread where someone had the exact same problem and here is the link:
 https://forums.malwarebytes.com/topic/216738-windows-process-manager-32-bit/
 
The Thread that I've been using so far dealing with this is:
 https://www.bleepingcomputer.com/forums/t/666057/end-of-the-line-with-windows-10-rootkit-malware-hands-thrown-up/
 
Below are the reports from the Scan that I just completed per your request in the prep guide:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by scott (administrator) on DESKTOP-7D4S775 (27-12-2017 12:21:24)
Running from D:\
Loaded Profiles: scott (Available Profiles: scott & Administrator)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If ... Read more

A:Rootkit issue windows 10 (false processes called Windows Process Manager)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/666559 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this ... Read more

Read other 2 answers
RELEVANCY SCORE 36.4

Hello all. I've tried several things to no avail. I need some extra help.
A friend's PC is getting this error:
STOP: c000021a [fatal system error]
Windows Logon Process system process terminated unexpectedly with a status of 0x00000080' (0x00000000 0x00000000).
The System has been shut down.
What occurred before this error popped up:
1. Upgraded dvd43 software, booted, and this error came up.
I have tried multiple things.
1. Ran the bootfix
2. Tried the Recovery Console with their diagnostics
3. Tried to get to Safe Mode and it will not load, goes back to this message.
4. Tried to overlay the XP image (refresh it), no avail, back to the same message.
I haven't found anything on the web that can help me so far. Looking to take the next step and ask for help.

A:Windows Logon Process system process terminated unexpectedly with a status of 0x00000080

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED
This occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win XP can't run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.
I've never gotten this particular error...but if I did, I would treat it as a malware situation until proven otherwise.
Louis

Read other 3 answers
RELEVANCY SCORE 36.4

Hi,

I've got a quicklaunch shortcut to:

%windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E}

That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that thread remains active. It's not doing anything, but it's still there. Anyone know why it wouldn't terminate? Is it to do with how I'm launching it (using the shell parameter) ?

Here are some tests I did, in each case I started out with only my main explorer instance (the one that holds the systray, quicklaunch etc).

1. Click my shortcut from quicklaunch shown above.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



After closing all those explorers, so I was back to having only my main explorer, I did this sequence:

1. Click Start->Run-> and typed explorer and enter.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



Also, after a while that one single extra explorer disappeared. I guess it stuck around a minute or so, maybe in case I decided to start explorer again, it would save me a few milliseconds by not having to re-launch fully.

The shortcut ones do also disappear eventually sometimes, but other times they don't.

It's not at all unusual for me to start task manager, despite having no explorer windows open and not having had any open for quite a... Read more

A:open explorer, starts new process, close it, process remains active

Don't use the shell command. Just use
%windir%\explorer.exe :{323CA680-C24D-4099-B94D-446DD2D7249E}

Read other 7 answers
RELEVANCY SCORE 36.4

I am running a Dell computer with Windows XP home with 4 users. I have no access to a Boot CD or Windows install disc. I don't believe they ever sent one. Here are my problems.

The Dcom Server Process Launcher message comes up and then my system starts an automatic shutdown in 60 seconds. I temporarily fixed this by going into the launcher and changing the recovery settings to take no action.

I am also having the Generic Host Process for Win 32 Services has encountered a problem message pop up.

Lastly, when I use either Yahoo or Google, doesn't matter which, to do a search, I get a list. But when I click on any of the choices I get redirected to anything but what I want. If I copy and paste the link I'm fine.

Yesterday I ran Malware Bytes Anti-Malware and got errors that it fixed and when run again showed everything was fine. However, today I was the only one of the four users who could log on. The others just got a blue screen. So I ran the MBA again and it found 147 errors. Again I corrected. Still having issues so I did a system restore ... didn't help. Restored back to now and come to you. Here is the dds log.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Sue at 20:44:47.21 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Re... Read more

A:Dcom Server Process Launcher & Generic host Process Errors

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My Way Search Assistant<<Please read this

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting th... Read more

Read other 9 answers
RELEVANCY SCORE 36.4

A while back I got an e-mail that in the subject said eviction notice, and since it is something my landlord would do, not notify me by phone and have attorneys contact me, I immediately opened it. At the time I was only running avast anti virus and it detected nothing in the message or attached rar file, so I figured it was legit and stupidly downloaded and attempted to open the attachment. Shortly after, I started experiencing all sorts of issues, most of which I have managed to clear up using malwarebytes, eset and adw cleaner. The only lingering issues I seem to have now are multiple instances of the csrss process, multiple instances of the com surrogate process, I sometimes get a false host process for windows services process, and the process connected to the superfetch service runs very high in the memory column. I have read a few of the threads where u have helped other ppl with similar problems so I hope u are able to help me in the same way. malwarebytes has removed a lot of stuff including 2 rootkits just last night. I didn't have the root kit setting turned on originally and only found it by chance last night when looking at the program interface. eset found nothing and I do have the reports as I just ran it today. Any help u could give would b much appreciated
 

A:Multiple csrss process, com surrogate process & fluctuating cpu usage superfetch running very high

I also have multiple host process for windows services that are not connected to any service and do not appear in the process list where they should, and when I end them it opens multiple com surrogate processes on top of the 2 that I already have, so I wind up with 3 sometimes 4 com surrogate processes and one that appears then goes away periodically. eset detects nothing, malwarebytes on the other hand detects 2 rootkits

threat | type | location
Cidox.J.vbr | physical sector | master boot sector on volume #0
forged physical sector | physical sector | master boot sector on volume #0

and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there. I'm hoping this can be fixed without reinstalling windows, although I realize that with the severity of the infection I may have to
 

Read other 77 answers
RELEVANCY SCORE 36

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64 crashes due to corrupted heap, we find suspended winword processes that have no running threads. The corrupt heap crashes are of the type exception c0000374 in Ntdll.dll at offset 0x000e6054. We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the App crash the Windows Error Reporting service attaches the WerFault.exe to the crashed process and saves the WER Dump file. The problem is after this process is finished we are left with Winword.exe processes that are in suspended state. They are not visible in the TaskManager but they show up in Procexp; these processes have no running threads and the End task or end task tree have no impact. The only way to exit the suspended process is to log off the user session.

The suspended Winword.exe processes cause problems when we re-launch a clean word; we have an add-in that detects the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads. This is not an option for us because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application log.

We also tried to ex... Read more

Read other answers
RELEVANCY SCORE 36

I have created and compressed a dump file of the offending svchost process with WinRAR 32 bit version and posted it on my OneDrive account for analysis. Here is the link to the DUMP FILE. http://1drv.ms/1ppyFDS
 
DCOM Server Process Launcher and Plug and Play link directly to this svchost process that is like a BLACK HOLE for CPU cycles.
 
I hope someone can spot what is causing this drain on my cpu resources. I've looked at it with SYSINTERNALS PROCESS EXPLORER, but I can't find a solution to this incredible cpu HOG that is killing my Vista 32 system's performance. I have 4 gigs of RAM on the board, and that's more than a 32 bit OS can address anyway. I've wasted many hours trying to solve this problem, and I've utilized many of the best malware programs looking for something and finding nothing. I hope someone on the forum can help me out. I've given it a good shot but I've gotten nowhere.
 
 

Read other answers
RELEVANCY SCORE 36

So I have Windows 10 PRO and this morning I did a fresh install. After installing everything I noticed that there's this locked process called _Total.exe and there was another one called LLD Power. Wintools Pro could see these files but nothing else could. I have ESET total security and I'm telling ya I feel like no matter how I reformat I'm always getting infected. No matter what. 
 
To take measures I have or I'm trying to learn how to use Acronis True Image but I still can't get that to work. Also, I only use this computer to play games now. Total waste if you ask me. That's all I have done. I tried running scans with my AV software ...nothing. Help.

A:Hidden locked process _Total.exe process and some Power thing

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 1 answers
RELEVANCY SCORE 36

Hi folks,

I hope you all can read this, I'm from Belgium so my English is not as good as it might be.

I bought last year a little notebook with Windows 7 Home Premium on it.
On this machine I am the Administrator, and there are no other people on that, or guest accounts made.

On my desktop I have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When I double-click the Process Explorer I see all the services and processes on my machine.

A friend of Peter came to me with his Desktop PC with a dead hard drive, so I bought a new one.
I have a DVD with Windows 7 Home Premium that I bought with that other notebook to help other
people and if my computer has a problem. I then use the serial on the case of the people that need help to register.

When I install a new copy of Windows 7 Home Premium on his computer, and also unpack the Process Explorer.exe on the desktop and launch that also as admin I see several services or processes with a Patch: [Opening error process] For example winlogon does not link to the normal directory, normally c:/windows/system32/winlogon.exe {I think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google search and came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When I do that t... Read more

A:Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on your friend's computer.

Read other 5 answers
RELEVANCY SCORE 35.6

hi, the cpu usage jumps from process to process, randomly.
one process is using 50 percent of cpu, for example icq, i close it.
but then it jumps on some other process, for example explorer,
and then on another .... randomly.
what can be the problem? i have windows vista

here is log from hijackthis, thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:39, on 24. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Expl... Read more

Read other answers
RELEVANCY SCORE 35.6

New dell n7110/win7sp1x64. At startup on new machine from dell, process explorer (procexp64.exe) lists 81 processes running (seems like way too many - compared to xp with maybe 25 at startup). But which processes I can turn off is a question for another day. OK, read carefully, at least 15 processes in PE show " Path: error opening process". PID, CPU, Private Bytes, and working set columns are shown for these "problem" processes, but nothing after that, ie, description, company name etc. For all other listed running processes (with known paths), all info is shown in all columns. The problem processes include some important ones, services, crss, ism, wininit, winlogon, that must be working for the computer to work, and everything seems to be working properly, and no cpu spikes or other weird stuff is happening. Right clicking properties on these problem processes, properties window pops up as normal, but shows "version: n/a, build: n/a, path: error opening process, no command line, no current directory, autostart location: n/a, Parent: non existent process (708), user: access denied". Again, this info can not be correct since the computer is working. And then, after a few minutes, another window pops up and says PE has stopped working, and closes the program. Now, if this was the whole story, I would go to sysinternals with this, but read on... Task manager running simultaneously with PE lists 83 processes running, more processes than PE, and al... Read more

A:process explorer shows "error opening process"

It's not a glitch.

Right click on process explorer and select run as administrator

Read other 3 answers
RELEVANCY SCORE 35.6

I Need a Script I Can Input Into Notepad And Save The File As a BAT That Will Exit a Process I Specify, I'm New To The Site And Have Low Level Experience In Programming With Notepad BAT Files.
Thanks, -Digital.
 

A:[BAT FILE] Using BAT To Exit a Process From Task Manager's Process

Read other 7 answers
RELEVANCY SCORE 35.6

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 

A:NVT ERP -- mark vulnerable process as safe parent process?

shmu26 said:

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 

Read other 0 answers