Old 11-22-2006, 09:57 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


computer infected

Hi - I am actually writing from another computer as the infected computer does not stay on long enough to do anything. When I turn on the computer the desktop comes up and I can log on to the internet but in less than a minute I get a blue screen with the following message: A problem has been detected and windows has been shut down to prevent damage to your computer......follow these steps: check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode remove or disable components, restart your computer, press F8 to select Advance startup options and then select safe mode. Technical info: **STOP: 0x0000008E (0xc0000005, 0xf45669fe, oxf212ca28, 0x00000000. Beginning dump of physical memory. Physical memory dump complete. Contact your system administrator or technical support group for further assistance.

All that is Greek to me except starting in safe mode, which I can do, and I actually ran Trojan Hunter and got 3 trojans - Adware.PurityScan.292, TrojanDropper.PurityScan.108 and Adware.Adserve.100 which Trojan Hunter seems unable to remove.

I would really appreciate it if you could advise me on what to do. Thank you - Cathy
cathyp is offline  
Old 11-28-2006, 02:38 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,342
OS: Win XP Pro SP3 / Win 7 Pro

Hi Cathy and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Can you use another machine to download a file and transfer it to your own machine? The file will fit on a floppy and although it should be run in Normal Mode, it can be used in Safe Mode if necessary. Details are

Please download combofix.exe to your desktop. Alternative download location here. Do not use just now.

IMPORTANT - You must place combofix on your desktop!!


Double click combofix.exe & follow the prompts.

When finished, the tool will produce a log for you at c:\combofix.txt. Post that log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Let me know if this is possible. If so I also need you to download and run HijackThis - this program will help us determine if there is any spyware/malware on your computer.
  • Create a folder at C:\HJT and move HijackThis.exe there.
  • Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
  • Run a scan and save the log file.
  • Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) back in this thread (do not attach it).
  • Do not fix any entries in HijackThis since they may be harmless.
  • Make sure to include the System information at the top of the log as well.

Again, it should be run in Normal Mode - that may be possible after running Combofix - if not try Safe Mode.

Let me know how it goes.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 11-29-2006, 11:40 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


Hi - Since I wrote to you I have been doing work on my computer and now it only gets stop errors occasionally. I am able to use the computer so I have done what you asked. This is the combofix log:

Jerms - 06-11-29 13:15:46.62 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Jerms\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\deskbar_e34.exe
C:\Program Files\PrintView
C:\Program Files\Common Files\{3C9D5B05-0AE9-1033-0203-060506210001}
C:\Program Files\Common Files\{9C9D5B05-0AE9-1033-0203-060506210001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


2006-11-28 10:08 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-11-28 08:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-28 08:58 <DIR> d-------- C:\c73728d49eb7a2e29c25ae21666b6baf
2006-11-28 08:57 <DIR> d-------- C:\f2edc3c88727fce3440535
2006-11-27 12:12 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-27 12:07 <DIR> d-------- C:\d24b460bec1d525a09c9b9
2006-11-27 12:03 <DIR> d-------- C:\WINDOWS\system32\ODCTOOLS
2006-11-26 16:10 <DIR> d-------- C:\Program Files\PCPitstop
2006-11-26 10:45 <DIR> d-------- C:\Program Files\RegCure
2006-11-23 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-23 12:23 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 10:41 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-11-22 18:10 <DIR> d--hs---- C:\WINDOWS\CSC
2006-11-16 16:58 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-13 15:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 20:58 <DIR> d-------- C:\Program Files\BearShare Applications


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-29 13:16 -------- d-------- C:\Program Files\Common Files
2006-11-29 13:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-28 12:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Hamachi
2006-11-28 10:08 -------- d-------- C:\Program Files\Dell
2006-11-23 10:41 -------- d-------- C:\Program Files\RegistryPatrol3.0
2006-11-22 18:21 -------- d-------- C:\Program Files\World of Warcraft
2006-11-18 20:22 -------- d-------- C:\Program Files\Warcraft III
2006-11-18 01:33 -------- d-------- C:\Program Files\Internet Explorer
2006-11-17 18:55 -------- d-------- C:\Program Files\Google Toolbar
2006-11-17 18:33 -------- d-------- C:\Program Files\Norton SystemWorks
2006-11-16 17:39 7438520 --a------ C:\WINDOWS\system32\mi2.exe
2006-11-16 17:37 379071 --a------ C:\WINDOWS\system32\mi1.exe
2006-11-16 16:56 2724 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-09 19:22 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 19:20 56 -r-hs---- C:\WINDOWS\system32\80020AEA00.sys
2006-11-03 19:19 61678 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JPR.{PB
2006-11-03 19:19 12358 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JCM.{PB
2006-11-03 19:19 -------- d-------- C:\Documents and Settings\Jerms\Application Data\COREL
2006-11-02 20:42 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-10-28 20:17 -------- d-------- C:\Program Files\MSN Messenger
2006-10-27 12:08 -------- d-------- C:\Program Files\XPMedic
2006-10-27 08:06 -------- d-------- C:\Program Files\AdwareAlert
2006-10-25 14:27 -------- d-------- C:\Program Files\Lavasoft
2006-10-25 14:27 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Lavasoft
2006-10-25 12:07 -------- d-------- C:\Program Files\Java
2006-10-24 11:57 1886 --a------ C:\WINDOWS\system32\coke.exe
2006-10-24 09:36 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-23 18:50 -------- d-------- C:\Program Files\MSN
2006-10-23 18:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\MSNInstaller
2006-10-23 08:30 -------- d-------- C:\Program Files\SpywareBot
2006-10-22 20:33 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-22 13:58 -------- d-------- C:\Documents and Settings\Jerms\Application Data\TrojanHunter
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Help
2006-10-22 13:48 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Simply Super Software
2006-10-22 13:41 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-22 13:00 -------- d---s---- C:\Documents and Settings\Jerms\Application Data\Microsoft
2006-10-16 19:55 -------- d-------- C:\Program Files\Google
2006-10-14 22:22 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Corel Photo Album
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 13:07 252752 --a------ C:\WINDOWS\system32\odc.dll
2006-09-29 22:21 -------- d-------- C:\Program Files\X Password Generator
2006-09-29 20:46 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-09-29 20:46 -------- d-------- C:\Program Files\Hamachi
2006-09-29 19:21 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Macromedia
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2240}"="DCOM Server 2240"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-29 13:16:50.70
C:\ComboFix.txt ... 06-11-29 13:16

My HJT log is

Logfile of HijackThis v1.99.1
Scan saved at 1:35:58 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164582830312
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Thanks for your help

Cathy
cathyp is offline  
Old 11-29-2006, 01:59 PM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,342
OS: Win XP Pro SP3 / Win 7 Pro

Hi Cathy

You did well whatever it was! Combofix is indicating a rootkit may be present, so we’ll have a look for that. Please don’t change anything on your system while this clean up is in progress – I’ll just get confused, and that can happen very easily…

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean.


P2P - I see you have P2P software (i.e. Bearshare) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.


Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


I see you already have AVG Anti Spyware. Please update AVG to the latest definition files.
  • Double-click the icon on Desktop to launch AVG Anti Spyware.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. DO NOT scan yet.


Download Gmer and extract it to your desktop.

Double-click gmer.exe to run it and select the rootkit tab. Press scan. When it has finished, press copy and paste the log back here.




Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



Uninstall Programmes
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

My Global Search Bar




HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (if they still exist) (make sure you do not miss any)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL


Please remember to close all other windows, including browsers then click Fix checked.




File Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MyGlobalSearch
c:\windows\system32\_mzu_stonedrv8.exe




Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the “Temporary Files” tab and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK, Press the CleanUp! button to start the program and DO NOT REBOOT when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.




Run AVG Anti Spyware
Run AVG with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

NOTE: AVG scan may require an hour.



Reboot
Reboot your system in Normal Mode.



Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan




Combofix - Second Run
Please run combofix again, just as you did the first time.



Logs required
Gmer log
AVG Log
Panda Log
combofix.txt
HijackThis Log


Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 12-01-2006, 10:09 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


Hi Iain - I am sorry I have taken so long to respond - partly an extremely busy schedule and partly because it has taken a good amount of time to do all the things you asked. Here are the logs:

Jerms - 06-12-01 11:55:49.57 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Jerms\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


2006-11-30 13:08 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-30 08:36 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-29 13:34 <DIR> d-------- C:\HJT
2006-11-28 10:08 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-11-28 08:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-28 08:58 <DIR> d-------- C:\c73728d49eb7a2e29c25ae21666b6baf
2006-11-28 08:57 <DIR> d-------- C:\f2edc3c88727fce3440535
2006-11-27 12:12 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-27 12:07 <DIR> d-------- C:\d24b460bec1d525a09c9b9
2006-11-27 12:03 <DIR> d-------- C:\WINDOWS\system32\ODCTOOLS
2006-11-26 16:10 <DIR> d-------- C:\Program Files\PCPitstop
2006-11-26 10:45 <DIR> d-------- C:\Program Files\RegCure
2006-11-23 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-23 12:23 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 10:41 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-11-22 18:10 <DIR> d--hs---- C:\WINDOWS\CSC
2006-11-16 16:58 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-13 15:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 20:58 <DIR> d-------- C:\Program Files\BearShare Applications


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-30 17:33 -------- d-------- C:\Program Files\World of Warcraft
2006-11-29 13:16 -------- d-------- C:\Program Files\Common Files
2006-11-28 12:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Hamachi
2006-11-28 10:08 -------- d-------- C:\Program Files\Dell
2006-11-23 10:41 -------- d-------- C:\Program Files\RegistryPatrol3.0
2006-11-18 20:22 -------- d-------- C:\Program Files\Warcraft III
2006-11-17 18:55 -------- d-------- C:\Program Files\Google Toolbar
2006-11-16 17:39 7438520 --a------ C:\WINDOWS\system32\mi2.exe
2006-11-16 17:37 379071 --a------ C:\WINDOWS\system32\mi1.exe
2006-11-16 16:56 2724 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-09 19:22 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 19:20 56 -r-hs---- C:\WINDOWS\system32\80020AEA00.sys
2006-11-03 19:19 61678 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JPR.{PB
2006-11-03 19:19 12358 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JCM.{PB
2006-11-03 19:19 -------- d-------- C:\Documents and Settings\Jerms\Application Data\COREL
2006-11-02 20:42 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-10-27 12:08 -------- d-------- C:\Program Files\XPMedic
2006-10-27 08:06 -------- d-------- C:\Program Files\AdwareAlert
2006-10-25 14:27 -------- d-------- C:\Program Files\Lavasoft
2006-10-25 14:27 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Lavasoft
2006-10-25 12:07 -------- d-------- C:\Program Files\Java
2006-10-24 11:57 1886 --a------ C:\WINDOWS\system32\coke.exe
2006-10-24 09:36 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-23 18:50 -------- d-------- C:\Program Files\MSN
2006-10-23 18:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\MSNInstaller
2006-10-23 08:30 -------- d-------- C:\Program Files\SpywareBot
2006-10-22 20:33 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-22 13:58 -------- d-------- C:\Documents and Settings\Jerms\Application Data\TrojanHunter
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Help
2006-10-22 13:48 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Simply Super Software
2006-10-22 13:41 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-22 13:00 -------- d---s---- C:\Documents and Settings\Jerms\Application Data\Microsoft
2006-10-14 22:22 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Corel Photo Album
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 13:07 252752 --a------ C:\WINDOWS\system32\odc.dll
2006-09-29 22:21 -------- d-------- C:\Program Files\X Password Generator
2006-09-29 20:46 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-09-29 20:46 -------- d-------- C:\Program Files\Hamachi
2006-09-29 19:21 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Macromedia
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2240}"="DCOM Server 2240"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-01 11:56:38.42
C:\ComboFix.txt ... 06-12-01 11:56
C:\ComboFix2.txt ... 06-11-29 21:02


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyGlobalSearch
Adware:adware/commad Not disinfected Windows Registry
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\SoftwareRevenue.org\2r_samba.exe[toolbar-w-google-r.dll]
Possible Virus. Not disinfected C:\sUBs\TSF\swreg.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20061022-201701.backup
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\system32\mi1.exe[2r_samba.exe][toolbar-w-google-r.dll]


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:17 06-12-01

+ Scan result:



C:\RECYCLER\NPROTECT\00140176.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Okay - the Gmer log could not be completed because I got a blue screen - stop error report with the code: 0x000008E, 0xc0000005, 0x0074006E, 0xF1839cf0, 0x00000000. (I don't think the rootkit thing likes me!)

When I booted up today I also got a Microsoft Windows error message saying that my system has recovered from a serious error and that the following files would be sent in the error report: C: DOCUME1\Jerms\Locals 1\Temp\WERb3b8.dir00\Minill2006-10.dmp, C:DOCUME 1\JermsLocals 1\Temp
WERb3b8.dir00\sysdata.xml. I don't know if any of that is useful but I thought I would let you know anyway.

I realize that I don't have a hijack this log to send so I will run one now and send it shortly.

Thanks

Cathy
Old 12-01-2006, 10:15 AM   #6 (permalink)
Registered User
 


Okay here is the log -

Logfile of HijackThis v1.99.1
Scan saved at 12:12:19 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164582830312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

I noticed that when I ran the Panda Log it was showing something about My Global Search Bar which I was surprised to see because I thought I had deleted everything you told me. I hope I have done what you asked properly - let me know if there is anything I need to redo.

Thanks!

Cathy
Old 12-01-2006, 02:56 PM   #7 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,342
OS: Win XP Pro SP3 / Win 7 Pro

Hi Cathy

Some rootkits simply don't want to be found. In Gmer try unchecking the device and registry boxes, then run a scan again. Also make sure the 'showall' button is unticked. Now try again.

I'll be back with other instructions shortly.

<edit> we need to get rid of the rootkit first - if we don't it will keep re-generating files etc - I'll wait until you get the Gmer log <edit>

Last edited by Glaswegian; 12-01-2006 at 03:01 PM.
Old 12-02-2006, 05:45 PM   #8 (permalink)
Registered User
 


Hi Iain - I managed to run the Gmer log but when I press copy I get a message that says it has been copied to the clipboard and if I want to save to notepad I must use Ctrl + V. When I press that nothing happens. It won't let me copy and paste either. Where is the clipboard - I need to find the log!
Old 12-03-2006, 09:07 AM   #9 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Hi Cathy

The Windows clipboard is available to all programmes - so you could try using Word or similar. Remember that Windows clipboard will be cleared on system reboot. Try opening Notepad or Word before the Gmer scan - that might help with the copy and paste. Please try another scan - we need that info.



Old 12-07-2006, 03:19 PM   #10 (permalink)
Registered User
 


Hi Iain - I sent you my gmer log but I am now looking at our correspondence and not seeing it posted here - did you receive it? I have no idea where it could be! - Cathy
Old 12-07-2006, 03:24 PM   #11 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
How did you send it Cathy? Did you try to attach it to your post? Did you save it?



Old 12-07-2006, 03:41 PM   #12 (permalink)
Registered User
 


I took the notepad route and copied it from there. Yes, I have it saved. I will try again - I am getting a message that it is too long so I will have to send it in pieces - I hope this is right.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-04 21:12:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SYSENTER ? F4C321B3

Code F4C30C10 pIofCallDriver

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Jerms\Local Settings\Application Data\Microsoft\Messenger\lauracuttie@hotmail.com\SharingMetadata\sunshine_theresa@hotmail.com\DFSR\Staging\CS{280C02BC-F355-91CB-695F-AF7CDA924258}\01\10-{280C02BC-F355-91CB-695F-AF7CDA924258}-v1-{7B504D99-8D06-4613-8C99-38BD72EBDA30}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
cathyp is offline  
Old 12-07-2006, 03:43 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


2nd section:

cathyp is offline  
Old 12-07-2006, 03:45 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


3rd section:

cathyp is offline  
Old 12-07-2006, 03:46 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 21
OS: xp


4th section:
