Winantivirus/popups/other virus problems

Posted 6/28/2007 3:52 AM
#49690
andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Hi Touch,


I am having some trouble trying to fix my poor mother's computer. She originally had pop-up problems, then she paid!! for win anti-virus 2007 thinking that it was a sincere offer and now the computer is having major problems. Now I cannot access the internet from it and it is running very slowly. I'm sure it still has popup problems, but as I said it cannot even access the internet.



I have read your "Before Posting a Log" thread, but I cannot get AVGspyware to give me a report. I double-checked that I had all the correct boxes checked, ran the scan, quarantined the infected files, and at the end the save report button was not active. I have done this twice. Below is the HJT log and the rootlog. If I need to include the AVG report, how can I generate one?



Thanks for your help. As I have been reading other posts on the forum, it seems you are a miracle worker... I am hoping for another one. Looking forward to your reply...





Logfile of HijackThis v1.99.1
Scan saved at 11:04:29 PM, on 6/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\hwpnbmsg.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
c:\PROGRA~1\mcafee\VIRUSS~2\mcvsshld.exe
C:\WINDOWS\System32\wuauclt.exe
C:\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\xupnlvrt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {DA0A267B-D27E-4B23-966A-041D8CEFE1E5} - C:\WINDOWS\System32\ljhhi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljhhi - C:\WINDOWS\System32\ljhhi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\hwpnbmsg.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe











********************************* ROOTCHK-(21-06-07)-LOG, by ejvindh
Wed 06/27/2007 23:00:38.75

Driver Core (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, https://www.gmer.net
Rootkit scan 2007-06-27 23:00:40
Windows 5.1.2600 Service Pack 1
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Posted 6/28/2007 4:04 AM
#49692
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi and welcome :smile:

Have you tried a System Restore?
https://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

If you have, see if you can go online from safe mode with network?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 6/28/2007 4:28 AM
#49694
andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Thanks for the quick reply!


I tried a system restore, I chose a date and then the system restarted. After the restart, it said it could not do a system restore because no changes had been made? I don't quite understand it, but that was the result.



I then rebooted the computer in safe mode with networking and I still have no access to the internet... And for some reason, the two computers showing a connected network next to the clock are no longer there.



In addition to that, did you see anything peculiar from the HJT post in my first thread?



Thank you for the help.
Posted 6/28/2007 4:57 AM
#49695
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to
C:\WINDOWS\System32\xupnlvrt.dll


and click on it once, and then click on the Open button.



You will now be asked if you would like to reboot your computer to delete the file. Click on the NO button

Same procedure with these:
C:\WINDOWS\System32\ljhhi.dll
C:\WINDOWS\System32\hwpnbmsg.exe


You will now be asked if you would like to reboot your computer to delete the file. Click on the YES button


After reboot, tell me how things are running.



Posted 6/28/2007 10:20 PM
#49736
andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Hi Touch,

Ok.. I deleted the files that you instructed me to delete...

I am getting a weird notification in the system tray from Windows Genuine Advantage saying "This version of Windows XP is no longer secure." and it tells me to download service pack 2. It doesn't look like a message from Microsoft though. The icon that the message appears from kinda looks like a gray star.

Also, I still cannot access the internet. Any ideas? Another weird thing happened when I was transferring my log files from the infected computer to the laptop I am using... My cable internet is connected to my computer via a USB port. After the internet would not work, I plugged in a flash drive to transfer the files and the computer would not recognize the flash drive. I think I then rebooted (internet USB disconnected) and the computer recognized the flash drive with no problem. Is this information helpful?

Thanks again, your help is very much appreciated.

I have attached the latest HJT log and root log below:



Logfile of HijackThis v1.99.1
Scan saved at 5:50:01 PM, on 6/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
O2 - BHO: (no name) - {002909EB-AC44-4380-BEB0-24B8CD7117C1} - C:\WINDOWS\System32\ljhhi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\xupnlvrt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljhhi - C:\WINDOWS\System32\ljhhi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\hwpnbmsg.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



********************************* ROOTCHK-(21-06-07)-LOG, by ejvindh
Thu 06/28/2007 18:14:57.31

Driver Core (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, https://www.gmer.net
Rootkit scan 2007-06-28 18:14:59
Windows 5.1.2600 Service Pack 1
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Posted 6/28/2007 10:32 PM
#49737
bunny328 Member

Date Joined Nov 2016
Total Posts: 6
In these cases where the user has nothing to lose on their hard drive, I would just reformat the computer and start with a fresh copy of Windows. It doesn't make sense to save something that does not need to be saved.

That is just my opinion.
Posted 6/28/2007 10:55 PM
#49739
andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Good news... internet is back up and running... just got off the phone with my ISP and the account was locked out and needed to be refreshed....

So I am back online, but pop-ups are still abundant. Please let me know what other info you need.

Thanks Touch.
Posted 6/29/2007 4:27 AM
#49744
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
That's good news :smile:




Please download Combofix:

https://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.


2. When finished, it will produce a logfile located at C:\ComboFix.txt.


3. Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.







Posted 6/29/2007 11:44 AM
#49767
andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Ok... I ran combofix and HJT.. below are the logs

I still have that weird "This version of Windows XP is no longer secure" message.. I accessed the internet, it seems a bit slow, but haven't encountered any pop-ups quite yet...

Thanks again.



ComboFix 07-06-18.2 - C:\Documents and Settings\Donna\Desktop\For Mom\ComboFix.exe
"Donna" - 2007-06-29 7:21:18 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xupnlvrt.dll
C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.bak2
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini2
C:\WINDOWS\system32\ihhjl.tmp
C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.bak2
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini2
C:\WINDOWS\system32\ihhjl.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Donna\Desktop.\internet explorer.lnk
C:\DOCUME~1\Donna\Desktop\internet.lnk
C:\Program Files\inetget2
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


2007-06-29 07:19 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 18:57 66,112 --a------ C:\WINDOWS\system32\slpqxsia.dll
2007-06-28 18:53 128,576 --a------ C:\WINDOWS\system32\qrpjagpw.dll
2007-06-27 20:56 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-27 20:29 d-------- C:\Program Files\CCleaner
2007-06-27 20:27 218,112 --a------ C:\alternativ.exe
2007-06-27 19:43 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 14:42 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriveCleaner
2007-06-25 14:42 d-------- C:\DOCUME~1\Donna\APPLIC~1\DriveCleaner
2007-06-25 14:41 6,144 --a------ C:\WINDOWS\system32\daila.exe
2007-06-25 14:41 d-------- C:\Program Files\Common Files\DriveCleaner
2007-06-25 14:34 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-25 14:13 d--hs---- C:\UWA7P
2007-06-25 14:12 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-25 14:12 d-------- C:\DOCUME~1\Donna\APPLIC~1\WinAntiVirus Pro 2007
2007-06-25 14:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-25 14:11 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-25 14:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-25 14:11 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-25 14:11 d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-06-25 14:11 d-------- C:\Program Files\Common Files\Companion Wizard
2007-06-25 14:11 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-06-25 14:07 87,248 --a------ C:\DOCUME~1\Donna\APPLIC~1\winantiviruspro2007freeinstall[1].exe
2007-06-25 10:03 122,944 --a------ C:\WINDOWS\system32\cqtdesfl.exe
2007-06-25 09:22 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-25 07:44 d-------- C:\WINDOWS\system32\bits
2007-06-25 07:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-25 07:42 d--h----- C:\WINDOWS\$hf_mig$
2007-06-25 07:42 d-------- C:\WINDOWS\system32\PreInstall
2007-06-24 20:00 d-------- C:\DOCUME~1\Donna\.housecall6.6
2007-06-24 13:16 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-24 13:16 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-24 13:16 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-24 13:16 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-24 13:16 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-24 13:15 d-------- C:\WINDOWS\LastGood
2007-06-24 12:51 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-24 12:48 d-------- C:\Program Files\McAfee.com
2007-06-24 12:47 d-------- C:\Program Files\Common Files\McAfee
2007-06-24 12:34 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-06-24 12:34 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-06-24 12:34 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-24 12:34 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-24 12:30 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-24 12:28 d-------- C:\WINDOWS\SoftwareDistribution
2007-06-24 12:27 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-06-24 12:27 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-24 12:27 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-06-24 12:27 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-06-24 12:27 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-06-24 12:27 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-06-24 12:27 d-------- C:\WINDOWS\LastGood.Tmp
2007-06-24 11:56 d-------- C:\DOCUME~1\Donna\APPLIC~1\McAfee
2007-06-24 11:56 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-24 10:05 4,672 --a------ C:\WINDOWS\system32\ikquxday.exe
2007-06-23 22:02 266,336 --a------ C:\WINDOWS\system32\ljhhi.dll
2007-06-23 21:57 413,079 --a------ C:\Temp\aZ001.exe
2007-06-23 21:57 d-------- C:\WINDOWS\system32\win
2007-06-23 21:57 d-------- C:\WINDOWS\system32\o02PrEz
2007-06-23 21:57 d-------- C:\WINDOWS\system32\G4
2007-06-23 21:57 d-------- C:\WINDOWS\system32\G3
2007-06-23 21:57 d-------- C:\WINDOWS\system32\G2
2007-06-23 21:57 d-------- C:\WINDOWS\system32\G1
2007-06-23 21:57 d-------- C:\Temp\iee
2007-06-14 15:33 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-06-05 21:20 d-------- C:\DOCUME~1\Donna\APPLIC~1\Ulead Systems
2007-06-05 21:14 d-------- C:\DOCUME~1\Roselle\APPLIC~1\Ulead Systems
2007-06-05 21:14 d-------- C:\DOCUME~1\Roselle\APPLIC~1\DivX
2007-06-05 21:12 40,960 --a------ C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2007-06-05 21:12 114,688 --------- C:\WINDOWS\system32\UPSCR.Scr
2007-06-05 21:09 d-------- C:\Program Files\Common Files\Ulead Systems
2007-06-05 21:08 d-------- C:\Program Files\Ulead Systems
2007-06-05 21:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 18:43:14 -------- d-----w C:\Program Files\Messenger
2007-06-25 13:05:29 -------- d-----w C:\Program Files\McAfee
2007-06-24 16:28:40 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-06 01:08:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\System32\slpqxsia.dll [2007-06-28 18:57]
{5C12FCC7-1489-47A6-8C0B-CA27A943403F}=C:\WINDOWS\System32\ljhhi.dll [2007-06-23 22:02]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-19 00:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-10 15:44]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-08 08:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljhhi]
C:\WINDOWS\System32\ljhhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-24 16:49:38 C:\WINDOWS\tasks\McDefragTask.job
2007-06-24 16:49:36 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, https://www.gmer.net
Rootkit scan 2007-06-29 07:32:03
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 7:36:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 07:36

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 7:38:45 AM, on 6/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee\VIRUSS~2\mcvsshld.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\slpqxsia.dll
O2 - BHO: (no name) - {5C12FCC7-1489-47A6-8C0B-CA27A943403F} - C:\WINDOWS\System32\ljhhi.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljhhi - C:\WINDOWS\System32\ljhhi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\hwpnbmsg.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Posted 6/29/2007 12:20 PM
#49769

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Is this - "This version of Windows XP is no longer secure" - a popup message, or an icon in the system tray?

Please download Vundofix https://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)

Close the program.

Start Superantispyware / right-click on the black/yellow bug in the tray.

Hit the - Scan Your Computer - button.

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then Next, and it will scan now. When the scan has finished, put a checkmark next to all items it found. Next, after cleaning, allow it to reboot.

Start Superantispyware again.

Click Preferences and then click the Statistics/Logs tab.

Click the dated log and press View Log, and a text file will appear.

Post this log along with a fresh HijackThis log and C:\vundofix.txt, and tell how things are running.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 6/29/2007 1:25 PM
#49773

andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Hi Touch,

The - "This version of Windows XP is no longer secure" - is a message coming from an icon in the system tray. It kinda looks like a gray star and says "Windows Genuine Advantage" at the top of the message. The message also says to download SP2 and has a link that goes to https://go.microsoft...(can't remember the rest of the link)

I will run those other programs ASAP... Unfortunately, I am at work right now and can't access that computer until later today... work always gets in the way of things!

I will repost later. Thanks!
Posted 6/29/2007 1:47 PM
#49775

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
OK, that's probably because you are still running SP1. When your computer is clean, I'll suggest you update to SP2.



Posted 6/29/2007 11:01 PM
#49805

andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Hi again...

I have followed your instructions and run vundofix and superantispyware, then created a new HJT log; they can be found below.

The computer seems to be running much better now. I spent some time on the internet and there don't seem to be any more popups. The - "This version of Windows XP is no longer secure" - message has gone away too.

Now the system tray is prompting me to install windows updates that have been downloaded. Is this safe?

Other than that, it seems to be okay... What's next? Once again, all of this help is much appreciated... btw, how did you learn all of this?


SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 06/29/2007 at 06:33 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1273

Scan type : Complete Scan
Total Scan Time : 01:21:09

Memory items scanned : 379
Memory threats detected : 0
Registry items scanned : 4644
Registry threats detected : 328
File items scanned : 33592
File threats detected : 54

Adware.Tracking Cookie
C:\Documents and Settings\Donna\Cookies\donna@casalemedia[2].txt
C:\Documents and Settings\Donna\Cookies\donna@ad.yieldmanager[1].txt
C:\Documents and Settings\Donna\Cookies\donna@specificclick[1].txt
C:\Documents and Settings\Donna\Cookies\donna@winantivirus[2].txt
C:\Documents and Settings\Donna\Cookies\donna@hitbox[2].txt
C:\Documents and Settings\Donna\Cookies\donna@bs.serving-sys[1].txt
C:\Documents and Settings\Donna\Cookies\donna@trafficmp[2].txt
C:\Documents and Settings\Donna\Cookies\donna@advertising[2].txt
C:\Documents and Settings\Donna\Cookies\donna@winantispyware[2].txt
C:\Documents and Settings\Donna\Cookies\donna@stats1.reliablestats[1].txt
C:\Documents and Settings\Donna\Cookies\donna@tacoda[2].txt
C:\Documents and Settings\Donna\Cookies\donna@serving-sys[1].txt
C:\Documents and Settings\Donna\Cookies\donna@adopt.specificclick[2].txt
C:\Documents and Settings\Donna\Cookies\donna@indextools[2].txt
C:\Documents and Settings\Donna\Cookies\donna@toseeka[2].txt
C:\Documents and Settings\Donna\Cookies\donna@drivecleaner[1].txt
C:\Documents and Settings\Donna\Cookies\donna@doubleclick[1].txt
C:\Documents and Settings\Donna\Cookies\donna@fastclick[1].txt
C:\Documents and Settings\Donna\Cookies\donna@zedo[1].txt
C:\Documents and Settings\Donna\Cookies\donna@findwhat[1].txt
C:\Documents and Settings\Donna\Cookies\donna@atdmt[2].txt
C:\Documents and Settings\Donna\Cookies\donna@cbs.112.2o7[1].txt
C:\Documents and Settings\Donna\Cookies\donna@pro-market[2].txt
C:\Documents and Settings\Donna\Cookies\donna@partner2profit[1].txt
C:\Documents and Settings\Donna\Cookies\donna@cpvfeed[2].txt
C:\Documents and Settings\Donna\Cookies\donna@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Roselle\Cookies\roselle@drivecleaner[1].txt
C:\Documents and Settings\Roselle\Cookies\roselle@winantivirus[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\AntiVirusCOM.AVOfficeProtect.1
HKCR\AntiVirusCOM.AVOfficeProtect.1\CLSID
HKCR\AppId\WinPGI.DLL
HKCR\AppId\WinPGI.DLL#AppID
HKLM\SYSTEM\CurrentControlSet\Services\FOPN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1145\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1145\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1145\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\LASTGOOD\DRIVER CACHE\I386
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB885835$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\LASTGOOD\SYSTEM32\DRIVERS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB885836$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\WINDOWS NT\ACCESSORIES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\TEXTCONV
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1143
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1144\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1144\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1144\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB885836$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB923414$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1142
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1143\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1143\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1143\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB923414$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB921883$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1141
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1142\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1142\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1142\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB921883$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1140
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1141\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1141\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1141\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911927$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB922616$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1139
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1140\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1140\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1140\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB922616$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1138
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1139\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1139\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1139\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB901017$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1137
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1138\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1138\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1138\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB899591$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB920685$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1136
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1137\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1137\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1137\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB920685$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1135
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1136\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1136\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1136\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB896424$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1134
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1135\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1135\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1135\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB893756$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1133
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1134\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1134\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1134\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911280$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1132
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1133\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1133\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1133\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB911562$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SECURITY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1131
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1132\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1132\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1132\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB896423$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB873339$\SPUNINST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1130
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1131\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1131\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1131\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB873339$
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SECURITY\DATABASE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1130\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1130\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1130\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\FIFOED\SNAPSHOT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\FIFOED\SNAPSHOT\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\FIFOED\SNAPSHOT\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\FIFOED
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid32
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll [  ]
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2007\unicoWS.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007
C:\UWA7P\Quar
C:\WINDOWS\..\UWA7P
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098965.EXE

Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\Donna\Start Menu\Programs\Outerinfo

Trojan.ZQuest
C:\PROGRAM FILES\MSN\HOREF83122.DLL

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1153\A0101861.EXE

Trojan.Downloader-WebBuying/PopEngine
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098918.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098967.DLL

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098926.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098968.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1148\A0098979.EXE

Adware.RAC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{30FC69E1-B257-4243-87C4-388EB4A8B2DE}\RP1151\A0099753.EXE



Logfile of HijackThis v1.99.1
Scan saved at 6:48:31 PM, on 6/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C12FCC7-1489-47A6-8C0B-CA27A943403F} - C:\WINDOWS\System32\ljhhi.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\hwpnbmsg.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe





VundoFix V6.5.4

Checking Java version...

Scan started at 4:56:57 PM 6/29/2007

Listing files found while scanning....

C:\windows\system32\ihhjl.bak1
C:\WINDOWS\System32\ihhjl.ini
C:\WINDOWS\System32\ljhhi.dll
C:\windows\system32\qrpjagpw.dll
C:\WINDOWS\System32\slpqxsia.dll
C:\windows\system32\wpgajprq.ini

Beginning removal...

Attempting to delete C:\windows\system32\ihhjl.bak1
C:\windows\system32\ihhjl.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\ihhjl.ini
C:\WINDOWS\System32\ihhjl.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ljhhi.dll
C:\WINDOWS\System32\ljhhi.dll Has been deleted!

Attempting to delete C:\windows\system32\qrpjagpw.dll
C:\windows\system32\qrpjagpw.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\slpqxsia.dll
C:\WINDOWS\System32\slpqxsia.dll Has been deleted!

Attempting to delete C:\windows\system32\wpgajprq.ini
C:\windows\system32\wpgajprq.ini Has been deleted!

Performing Repairs to the registry.
Done!
Posted 6/30/2007 4:10 AM
#49817

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

O2 - BHO: (no name) - {5C12FCC7-1489-47A6-8C0B-CA27A943403F} - C:\WINDOWS\System32\ljhhi.dll (file missing)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)





And you're done :smile:

It should be safe to update to SP2 now.

Here is some additional software you may wish to consider using to prevent malicious software from installing on your PC:

IE-SPYADS: IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer. (Choose between IE-SPYAD and IE-SPYAD2.) Freeware.

Spyware Guard: Background process to check applications as they begin to run for known spyware and malicious code; produces an alert if necessary. Freeware.

SpywareBlaster: From the same company as Spyware Guard, this is not a scanner; it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. SpywareBlaster runs silently in the background and does not need to be open to protect your PC. Freeware.

Make sure to keep these programs up to date.

I've learned it by doing HijackThis logs for many years ;-)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 6/30/2007 4:00 PM
#49850

andyp17 Valued member

Date Joined Nov 2016
Total Posts: 15
Well... like I said in my first post... it seems that you are a miracle worker. I am very grateful for all of your help, thank you very much! It seems that all my problems are fixed, I just have a couple more questions for you...

What happens to all the files that are quarantined? Are they still on the PC? Do I have to delete them? Are they gone for good?

Should I delete any of the programs that I have used during this process (e.g. avgspyware, rootcheck, superantispyware, etc.)?


Again, thank you. I owe you one and if I can ever be of assistance to you in the future, please let me know.
Posted 7/1/2007 4:16 AM
#49867

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
If your computer is running fine, it should be safe to delete the quarantined files.
I'll suggest you keep SUPERAntiSpyware, as it is an excellent scanner, and delete the other tools/programs.

I'll let you know ;-)






Since your problem appears to be resolved, this thread will now be closed.

If you need this topic reopened, please PM a Moderator and we will reopen it for you


