Author Topic: Hijack this log file  (Read 11248 times)
sleepypunk1111
« on: January 11, 2008, 05:38:46 AM »

 
It seems like a yearly occurrence, with my computer getting hit by spyware.

After all of the required scans and restarts, here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:43 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX32.453\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [20c42d77] rundll32.exe "C:\WINDOWS\system32\adyveuml.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win84.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfud.dll,startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179489774609
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

Pancake
« Reply #1 on: January 12, 2008, 12:32:57 AM »

It's a Vundo infection...

This will help to identify malware on your system.
Please download ComboFix from any of these locations:

Here or Here

Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and paste the contents of that log in your next reply with a new HijackThis log. Do not use Code or HTML unless asked for.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to stall/hang.

Caution... Never run and remove files using ComboFix without being supervised by a security analyst.
« Last Edit: January 12, 2008, 12:38:52 AM by Pancake »

sleepypunk1111
« Reply #2 on: January 13, 2008, 07:40:05 AM »

I've attached the ComboFix log because it is too large.

Here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:35:40 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {FFC2F35C-CD72-4378-B983-0A90B6AE7622} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask     .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [SpyRid] C:\Program Files\Spy-Rid\Spy-Rid.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179489774609
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvsrr - xxyvsrr.dll (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

Pancake
« Reply #3 on: January 13, 2008, 08:01:17 AM »

I need the ComboFix log... post it in two halves.
sleepypunk1111
« Reply #4 on: January 13, 2008, 05:07:28 PM »

ComboFix 08-01-13.1 - HP_Administrator 2008-01-13  0:19:45.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\3Q10O6QQ\ComboFix[1].exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\HP_Administrator\Application Data\printer.exe
C:\Documents and Settings\HP_Administrator\Application Data\ultra
C:\Documents and Settings\HP_Administrator\Application Data\ultra\ultra.inf
C:\Documents and Settings\HP_Administrator\Application Data\ultra\uninstall.bat
C:\Documents and Settings\HP_Administrator\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\HP_Administrator\Desktop\Free Online Dating.lnk
C:\Documents and Settings\HP_Administrator\Desktop\Go to Casino.lnk
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\findfast.exe
sleepypunk1111
« Reply #5 on: January 13, 2008, 05:08:50 PM »

sleepypunk1111
« Reply #6 on: January 13, 2008, 05:10:20 PM »

sleepypunk1111
« Reply #7 on: January 13, 2008, 05:10:56 PM »

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Helper
C:\Program Files\Helper\ifastseek.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\Outerinfo.exe~
C:\Program Files\outerinfo\OuterinfoUpdate.exe~
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mgrs.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\adyveuml.dll
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfqpwedl.dll
C:\WINDOWS\system32\dinsuckj.dll
C:\WINDOWS\system32\drvfudr.dll
C:\WINDOWS\system32\drvmexr.dll
C:\WINDOWS\system32\drvtilr.dll
C:\WINDOWS\system32\goufbqfc.dll
C:\WINDOWS\system32\grctvpvn.dll
C:\WINDOWS\system32\hqijiznr.dll
C:\WINDOWS\system32\hqijiznr.dllbox
C:\WINDOWS\system32\jkcusnid.ini
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.exe
C:\WINDOWS\system32\lmuevyda.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljijjk.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\qsyhuxvl.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\ssqqrop.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winpcn32.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\TEMP\win84 .exe
D:\Autorun.inf

Code:
<pre>
C:\WINDOWS\ehome\ehtray .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> ctfmon.exe
C:\WINDOWS\system32\ctfmona .exe ---> ctfmona.exe
C:\WINDOWS\system32\printer .exe ---> printer.exe
C:\WINDOWS\system32\spoolvs .exe ---> spoolvs.exe
</pre>
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-12-13 to 2008-01-13  )))))))))))))))))))))))))))))))
.

2008-01-13 00:06 . 2008-01-13 00:06   29,764   --a------   C:\WINDOWS\system32\ctfmona.exe
2008-01-10 22:44 . 2008-01-10 22:44   103,424   --a------   C:\WINDOWS\system32\drvmex.dll
2008-01-10 22:22 . 2008-01-10 22:22   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-01-10 22:22 . 2008-01-10 22:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 22:22 . 2007-05-30 06:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:52 . 2008-01-09 21:52   104,448   --a------   C:\WINDOWS\system32\drvfud.dll
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com
2008-01-09 20:08 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\EasySpywareCleaner
2008-01-09 20:06 . 2008-01-09 20:06   9,728   --a------   C:\WINDOWS\system32\spoolvs.exe
2008-01-09 20:06 . 2008-01-09 20:06   9,728   --a------   C:\WINDOWS\system32\printer.exe
2008-01-09 19:58 . 2008-01-09 19:54   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-09 19:53 . 2008-01-09 19:58   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-01-09 19:47 . 2008-01-09 19:47   1,283,174   --a------   C:\Install
2008-01-09 19:47 . 2008-01-09 19:47   104,448   --a------   C:\WINDOWS\system32\drvtil.dll
2008-01-09 19:47 . 2008-01-09 19:47   81,656   --a------   C:\tshl.exe
2008-01-09 19:42 . 2008-01-09 20:58   <DIR>   d--------   C:\Program Files\PFConfig
2007-12-31 17:28 . 2007-12-31 17:31   1,661,384,704   --a------   C:\DVD_VIDEO_RECORDER.ISO
2007-12-31 17:14 . 2007-12-31 17:19   <DIR>   d--------   C:\DVD_VIDEO_RECORDER
2007-12-19 20:05 . 2007-12-31 17:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-19 20:04 . 2007-12-19 20:04   <DIR>   d--------   C:\Program Files\DVD Shrink
2007-12-14 07:42 . 2007-12-14 16:11   <DIR>   d--------   C:\Program Files\iPod Access for Windows
2007-12-14 07:42 . 2007-12-14 07:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Findley Designs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 07:20   ---------   d-----w   C:\Program Files\QuickTime
2008-01-11 22:34   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-01-11 04:24   ---------   d-----w   C:\Program Files\AIM6
2008-01-11 04:23   ---------   d-----w   C:\Program Files\iTunes
2008-01-11 04:16   ---------   d-----w   C:\Program Files\ewido anti-malware
2008-01-10 03:52   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 02:48   ---------   d-----w   C:\Program Files\utorrent
2008-01-10 01:21   ---------   d-----w   C:\Program Files\Viewpoint
2008-01-10 01:20   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-10 01:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-02 03:15   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-12-31 23:31   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-12-06 14:44   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\CopyToDvd
2007-11-21 05:08   ---------   d-----w   C:\Program Files\MySpace
2007-11-20 03:45   ---------   d-----w   C:\Program Files\iPod
2007-11-20 03:38   ---------   d-----w   C:\Program Files\Apple Software Update
2007-11-15 09:12   ---------   d-----w   C:\Program Files\Pure Networks
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 16:04   81   ----a-w   C:\CTX.DAT
2007-08-12 20:35   47,360   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
.
Code:
<pre>
----a-w           253,952 2008-01-11 04:04:34  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w           313,472 2008-01-11 04:05:09  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            50,528 2008-01-11 04:05:13  C:\Program Files\AIM6\aim6 .exe
----a-w           180,269 2008-01-11 04:04:34  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w         1,836,544 2008-01-11 04:04:43  C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
----a-w            68,856 2008-01-11 04:05:14  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           267,048 2008-01-11 04:04:52  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-11 04:05:07  C:\Program Files\Messenger\msmsgs .exe
----a-w         5,562,368 2008-01-10 02:06:26  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w         1,460,560 2008-01-11 04:05:38  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w         1,544,192 2008-01-11 04:04:35  C:\Program Files\Support.com\bin\tgcmd .exe
----a-w         4,670,704 2008-01-11 04:05:29  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
</pre>


(((((((((((((((((((((((((((((   snapshot@2007-10-29_19.24.33.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-06 09:52:38   72,960   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11   138,240   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11   47,104   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11   16,896   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11   660,992   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11   177,152   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11   95,744   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11   48,640   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11   471,552   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-10-30 16:53:32   360,832   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-10-10 23:47:27   124,928   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27   214,528   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27   132,608   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27   63,488   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47   70,656   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27   153,088   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27   230,400   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20   161,792   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12   2,455,488   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27   383,488   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27   388,096   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27   6,067,200   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27   44,544   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27   267,776   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47   13,824   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56   625,664   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28   27,648   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28   459,264   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28   52,224   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49   3,593,216   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28   478,208   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28   193,024   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28   671,232   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28   102,912   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28   105,984   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29   1,162,240   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29   233,472   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29   825,344   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46   60,416   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-07 09:50:47   727,040   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-11-13 08:47:45   20,480   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36   14,048   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41   213,216   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34   22,752   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59   716,000   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51   371,424   ----a-w   C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2004-08-10 19:00:00   72,960   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqac.sys
+ 2004-08-10 19:00:00   138,240   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqad.dll
+ 2004-08-10 19:00:00   47,104   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-10 19:00:00   16,896   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqise.dll
sleepypunk1111
« Reply #8 on: January 13, 2008, 05:12:47 PM »

+ 2004-08-10 19:00:00   660,992   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-10 19:00:00   177,152   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-10 19:00:00   95,744   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-10 19:00:00   48,640   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-10 19:00:00   471,552   -c----w   C:\WINDOWS\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26   213,216   -c----w   C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34   371,424   -c----w   C:\WINDOWS\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2005-08-30 04:13:42   1,287,680   -c----w   C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41   213,216   -c----w   C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 22:39:36   213,216   -c----w   C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 22:39:46   371,424   -c----w   C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-29 03:44:28   224,768   -c----w   C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41   213,216   -c----w   C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22   60,416   -c----w   C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-12-19 21:52:18   8,453,632   -c----w   C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39   213,216   -c----w   C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47   371,424   -c----w   C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-06-19 07:24:36   350,720   -c----w   C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2004-08-10 19:00:00   27,440   -c----w   C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41   213,216   -c----w   C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2006-07-11 15:41:36   345,656   ----a-w   C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
- 2007-06-28 23:28:28   38,428   ----a-w   C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-01-10 01:20:37   38,428   ----a-w   C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2000-08-31 14:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-13 06:16:52   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 06:16:52   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 06:16:52   4,780,032   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 06:16:52   204,800   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 06:16:52   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 06:16:52   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 14:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-08-20 10:04:34   124,928   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34   214,528   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34   132,608   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34   63,488   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54   63,488   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34   153,088   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35   230,400   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25   161,792   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35   383,488   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35   384,512   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37   6,058,496   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38   44,544   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38   267,776   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54   13,824   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21   625,152   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39   27,648   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39   459,264   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39   52,224   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 10:04:41   3,584,512   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41   477,696   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41   193,024   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42   671,232   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42   102,400   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41   213,216   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42   105,984   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42   1,152,000   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42   232,960   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43   824,832   -c----w   C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-11-20 03:46:52   102,400   ----a-r   C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-12-12 09:10:18   593,920   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-12-12 09:10:18   12,288   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-12 09:10:18   135,168   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-12 09:10:18   11,264   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-12 09:10:18   27,136   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-12 09:10:18   4,096   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-12 09:10:18   794,624   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-12 09:10:18   249,856   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-12 09:10:18   61,440   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-12 09:10:18   23,040   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-12 09:10:18   286,720   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-12 09:10:18   409,600   ----a-r   C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-11 08:01:33   12,288   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-12 09:10:32   12,288   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-11 08:01:33   135,168   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-12 09:10:32   135,168   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-11 08:01:33   11,264   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-12 09:10:32   11,264   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-11 08:01:33   27,136   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-12 09:10:32   27,136   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-11 08:01:33   4,096   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-12 09:10:32   4,096   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-11 08:01:33   794,624   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-12 09:10:32   794,624   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-11 08:01:33   249,856   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-12 09:10:32   249,856   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-11 08:01:33   23,040   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-12 09:10:32   23,040   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-11 08:01:33   286,720   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-12 09:10:32   286,720   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-11 08:01:33   409,600   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-12 09:10:32   409,600   ----a-r   C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-20 03:39:02   27,136   ----a-r   C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2007-06-17 05:11:58   51,200   ----a-w   C:\WINDOWS\NirCmd.exe
+ 2000-08-31 14:00:00   51,200   ----a-w   C:\WINDOWS\NirCmd.exe
- 2007-08-20 10:04:34   124,928   ----a-w   C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51   124,928   ----a-w   C:\WINDOWS\system32\advpack.dll
- 2007-08-20 10:04:34   124,928   ----a-w   C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:55:51   124,928   ----a-w   C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-20 10:04:34   214,528   ----a-w   C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:55:51   214,528   ----a-w   C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 10:04:34   132,608   ----a-w   C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:55:51   132,608   ----a-w   C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-20 10:04:34   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-10-10 23:55:51   63,488   ----a-w   C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-17 10:20:54   63,488   ----a-w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 10:59:40   70,656   ----a-w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04:34   153,088   ----a-w   C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:55:51   153,088   ----a-w   C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 10:04:35   230,400   ----a-w   C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:55:51   230,400   ----a-w   C:\WINDOWS\system32\dllcache\ieaksie.dll
sleepypunk1111
« Reply #9 on: January 13, 2008, 05:13:03 PM »

- 2007-08-17 07:34:25   161,792   ----a-w   C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55   161,792   ----a-w   C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-20 10:04:35   383,488   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:55:52   383,488   ----a-w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-20 10:04:35   384,512   ----a-w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:55:52   384,512   ----a-w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 10:04:37   6,058,496   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-10-10 23:55:54   6,065,664   ----a-w   C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-20 10:04:38   44,544   ----a-w   C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:55:55   44,544   ----a-w   C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-20 10:04:38   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-10-10 23:55:55   267,776   ----a-w   C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-17 10:20:54   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59:40   13,824   ----a-w   C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-17 10:21:21   625,152   ----a-w   C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 10:59:52   625,152   ----a-w   C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-20 10:04:39   27,648   ----a-w   C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:55:56   27,648   ----a-w   C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27   721,920   ----a-w   C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56   721,920   ----a-w   C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-10 19:00:00   72,960   ----a-w   C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47   72,960   ----a-w   C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-10 19:00:00   138,240   ----a-w   C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59   138,240   ----a-w   C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-10 19:00:00   47,104   ----a-w   C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59   47,104   ----a-w   C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-10 19:00:00   16,896   ----a-w   C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59   16,896   ----a-w   C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-10 19:00:00   660,992   ----a-w   C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59   660,992   ----a-w   C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-10 19:00:00   177,152   ----a-w   C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59   177,152   ----a-w   C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-10 19:00:00   95,744   ----a-w   C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59   95,744   ----a-w   C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-10 19:00:00   48,640   ----a-w   C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59   48,640   ----a-w   C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-10 19:00:00   471,552   ----a-w   C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59   471,552   ----a-w   C:\WINDOWS\system32\dllcache\mqutil.dll
- 2007-08-20 10:04:39   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:55:56   459,264   ----a-w   C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-08-20 10:04:39   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:55:56   52,224   ----a-w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-20 10:04:41   3,584,512   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:42:28   3,590,656   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-20 10:04:41   477,696   ----a-w   C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55:58   478,208   ----a-w   C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-20 10:04:41   193,024   ----a-w   C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:55:58   193,024   ----a-w   C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-20 10:04:42   671,232   ----a-w   C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59   671,232   ----a-w   C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-20 10:04:42   102,400   ----a-w   C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:55:59   102,400   ----a-w   C:\WINDOWS\system32\dllcache\occache.dll
- 2005-08-30 04:13:42   1,287,680   ----a-w   C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:35:13   1,287,680   ----a-w   C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-12-19 21:52:18   8,453,632   ----a-w   C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01   8,460,288   ----a-w   C:\WINDOWS\system32\dllcache\shell32.dll
- 2006-04-20 11:51:50   359,808   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55   360,064   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-08-20 10:04:42   105,984   ----a-w   C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:55:59   105,984   ----a-w   C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-20 10:04:42   1,152,000   ----a-w   C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:56:00   1,159,680   ----a-w   C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-20 10:04:42   232,960   ----a-w   C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:56:00   232,960   ----a-w   C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-20 10:04:43   824,832   ----a-w   C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:56:00   824,832   ----a-w   C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-29 03:44:28   224,768   ----a-w   C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 23:40:06   227,328   ----a-w   C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-10 19:00:00   72,960   ----a-w   C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47   72,960   ----a-w   C:\WINDOWS\system32\drivers\mqac.sys
- 2006-04-20 11:51:50   359,808   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55   360,064   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-31 20:09:14   30,464   ----a-w   C:\WINDOWS\system32\drivers\usbaapl.sys
+ 2007-10-31 20:09:14   30,464   -c--a-w   C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-08-20 10:04:34   214,528   ----a-w   C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51   214,528   ----a-w   C:\WINDOWS\system32\dxtrans.dll
+ 2006-01-17 19:50:29   61,952   ----a-w   C:\WINDOWS\system32\execryptorvb.dll
- 2007-08-20 10:04:34   132,608   ----a-w   C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51   132,608   ----a-w   C:\WINDOWS\system32\extmgr.dll
- 2007-05-20 02:09:01   253,472   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-15 09:13:01   302,824   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-08-20 10:04:34   63,488   ----a-w   C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:55:51   63,488   ----a-w   C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:20:54   63,488   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40   70,656   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:04:34   153,088   ----a-w   C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51   153,088   ----a-w   C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:04:35   230,400   ----a-w   C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51   230,400   ----a-w   C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:04:35   383,488   ----a-w   C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:55:52   383,488   ----a-w   C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:04:35   384,512   ----a-w   C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52   384,512   ----a-w   C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:04:37   6,058,496   ----a-w   C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:55:54   6,065,664   ----a-w   C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:04:38   44,544   ----a-w   C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55   44,544   ----a-w   C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:04:38   267,776   ----a-w   C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:55:55   267,776   ----a-w   C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 10:04:39   27,648   ----a-w   C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56   27,648   ----a-w   C:\WINDOWS\system32\jsproxy.dll
- 2006-08-17 12:28:27   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
- 2004-08-10 19:00:00   138,240   ----a-w   C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59   138,240   ----a-w   C:\WINDOWS\system32\mqad.dll
- 2004-08-10 19:00:00   47,104   ----a-w   C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59   47,104   ----a-w   C:\WINDOWS\system32\mqdscli.dll
- 2004-08-10 19:00:00   16,896   ----a-w   C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59   16,896   ----a-w   C:\WINDOWS\system32\mqise.dll
- 2004-08-10 19:00:00   660,992   ----a-w   C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59   660,992   ----a-w   C:\WINDOWS\system32\mqqm.dll
- 2004-08-10 19:00:00   177,152   ----a-w   C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59   177,152   ----a-w   C:\WINDOWS\system32\mqrt.dll
- 2004-08-10 19:00:00   95,744   ----a-w   C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59   95,744   ----a-w   C:\WINDOWS\system32\mqsec.dll
- 2004-08-10 19:00:00   48,640   ----a-w   C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59   48,640   ----a-w   C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-10 19:00:00   471,552   ----a-w   C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59   471,552   ----a-w   C:\WINDOWS\system32\mqutil.dll
- 2007-09-28 05:19:39   18,089,592   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36   17,642,616   ----a-w   C:\WINDOWS\system32\MRT.exe
- 2007-08-20 10:04:39   459,264   ----a-w   C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56   459,264   ----a-w   C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:04:39   52,224   ----a-w   C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:55:56   52,224   ----a-w   C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 10:04:41   3,584,512   ----a-w   C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28   3,590,656   ----a-w   C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:04:41   477,696   ----a-w   C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58   478,208   ----a-w   C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 10:04:41   193,024   ----a-w   C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58   193,024   ----a-w   C:\WINDOWS\system32\msrating.dll
- 2007-08-20 10:04:42   671,232   ----a-w   C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59   671,232   ----a-w   C:\WINDOWS\system32\mstime.dll
- 2004-08-10 19:00:00   1,392,671   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-24 04:42:40   1,386,496   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
- 2007-08-20 10:04:42   102,400   ----a-w   C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59   102,400   ----a-w   C:\WINDOWS\system32\occache.dll
- 2007-03-12 00:59:26   53,640   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2007-12-20 22:18:28   53,640   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2007-03-12 00:59:26   382,022   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2007-12-20 22:18:28   382,022   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2001-08-18 04:36:30   5,632   ----a-w   C:\WINDOWS\system32\ptpusb.dll
+ 2004-08-04 06:56:46   159,232   ----a-w   C:\WINDOWS\system32\ptpusd.dll
- 2005-08-30 04:13:42   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:35:13   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
- 2006-12-19 21:52:18   8,453,632   ----a-w   C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01   8,460,288   ----a-w   C:\WINDOWS\system32\shell32.dll
- 2007-07-22 23:39:27   279,552   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 14:00:00   156,160   ----a-w   C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22   60,416   ------w   C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11   60,416   ----a-w   C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:04:42   105,984   ----a-w   C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59   105,984   ----a-w   C:\WINDOWS\system32\url.dll
- 2007-08-20 10:04:42   1,152,000   ----a-w   C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00   1,159,680   ----a-w   C:\WINDOWS\system32\urlmon.dll
+ 2003-01-26 23:48:58   147,456   ----a-w   C:\WINDOWS\system32\vbzip11.dll
- 2007-08-20 10:04:42   232,960   ----a-w   C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00   232,960   ----a-w   C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 10:04:43   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
- 2005-01-29 03:44:28   224,768   ----a-w   C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 23:40:06   227,328   ----a-w   C:\WINDOWS\system32\wmasf.dll
- 2007-06-19 07:24:36   350,720   ----a-w   C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03   350,720   ----a-w   C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFC2F35C-CD72-4378-B983-0A90B6AE7622}]
         C:\WINDOWS\system32\ddcyx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
sleepypunk1111
« Reply #10 on: January 13, 2008, 05:13:49 PM »

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 03:56 544768 C:\WINDOWS\sm56hlpr.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask     .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [2008-01-13 00:06 29764]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tgcmdprovidersbc"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"SpyRid"="C:\Program Files\Spy-Rid\Spy-Rid.exe" [2007-12-25 10:32 312590]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsrr]
xxyvsrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , , xlibgfl254.dll

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 PCD5SRVC;PCD5SRVC - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 23:31:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 01:27:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13  1:33:03 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-13 07:32:59
ComboFix2.txt  2007-10-30 00:25:42
.
2008-01-09 09:05:13   --- E O F --- 


sorry for the mess,
Pancake
Global Moderator
« Reply #11 on: January 13, 2008, 10:14:52 PM »

Well, your computer needs a lot of cleaning. Quite a bit of malware has been fixed already. Now to do more.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:

KillAll::

RenV::
----a-w           253,952 2008-01-11 04:04:34  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w           313,472 2008-01-11 04:05:09  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            50,528 2008-01-11 04:05:13  C:\Program Files\AIM6\aim6 .exe
----a-w           180,269 2008-01-11 04:04:34  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w         1,836,544 2008-01-11 04:04:43  C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
----a-w            68,856 2008-01-11 04:05:14  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           267,048 2008-01-11 04:04:52  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-11 04:05:07  C:\Program Files\Messenger\msmsgs .exe
----a-w         5,562,368 2008-01-10 02:06:26  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w         1,460,560 2008-01-11 04:05:38  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w         1,544,192 2008-01-11 04:04:35  C:\Program Files\Support.com\bin\tgcmd .exe
----a-w         4,670,704 2008-01-11 04:05:29  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe

File::
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\printer.exe
 C:\Install
C:\WINDOWS\system32\drvtil.dll
C:\tshl.exe

Folder::
C:\Program Files\Spy-Rid

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFC2F35C-CD72-4378-B983-0A90B6AE7622}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsrr]

 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, please.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

sleepypunk1111
« Reply #12 on: January 14, 2008, 01:05:03 AM »

combo fix log file
ComboFix 08-01-14.1 - HP_Administrator 2008-01-13 18:41:15.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.247 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\cfscript.txt
 * Created a new restore point

FILE
C:\Install
C:\tshl.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\drvtil.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install
C:\Program Files\Spy-Rid
C:\tshl.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\drvtil.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe

.
(((((((((((((((((((((((((   Files Created from 2007-12-14 to 2008-01-14  )))))))))))))))))))))))))))))))
.

2008-01-13 11:00 . 2008-01-13 11:00   <DIR>   d--------   C:\Program Files\InfeStop
2008-01-13 11:00 . 2008-01-13 11:00   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\InfeStop.com
2008-01-13 01:28 . 2008-01-13 01:28   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com
2008-01-10 22:44 . 2008-01-10 22:44   103,424   --a------   C:\WINDOWS\system32\drvmex.dll
2008-01-10 22:22 . 2008-01-10 22:22   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-01-10 22:22 . 2008-01-10 22:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 22:22 . 2007-05-30 06:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:52 . 2008-01-09 21:52   104,448   --a------   C:\WINDOWS\system32\drvfud.dll
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com
2008-01-09 20:08 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\EasySpywareCleaner
2008-01-09 19:58 . 2008-01-09 19:54   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-09 19:53 . 2008-01-09 19:58   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-01-09 19:42 . 2008-01-09 20:58   <DIR>   d--------   C:\Program Files\PFConfig
2007-12-31 17:28 . 2007-12-31 17:31   1,661,384,704   --a------   C:\DVD_VIDEO_RECORDER.ISO
2007-12-31 17:14 . 2007-12-31 17:19   <DIR>   d--------   C:\DVD_VIDEO_RECORDER
2007-12-19 20:05 . 2007-12-31 17:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-19 20:04 . 2007-12-19 20:04   <DIR>   d--------   C:\Program Files\DVD Shrink
2007-12-14 07:42 . 2007-12-14 16:11   <DIR>   d--------   C:\Program Files\iPod Access for Windows
2007-12-14 07:42 . 2007-12-14 07:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Findley Designs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 00:41   ---------   d-----w   C:\Program Files\iTunes
2008-01-13 07:20   ---------   d-----w   C:\Program Files\QuickTime
2008-01-11 22:34   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-01-11 04:16   ---------   d-----w   C:\Program Files\ewido anti-malware
2008-01-10 03:52   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 02:48   ---------   d-----w   C:\Program Files\utorrent
2008-01-10 01:21   ---------   d-----w   C:\Program Files\Viewpoint
2008-01-10 01:20   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-10 01:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-02 03:15   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-12-31 23:31   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-12-06 14:44   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\CopyToDvd
2007-11-21 05:08   ---------   d-----w   C:\Program Files\MySpace
2007-11-20 03:45   ---------   d-----w   C:\Program Files\iPod
2007-11-20 03:38   ---------   d-----w   C:\Program Files\Apple Software Update
2007-11-15 09:12   ---------   d-----w   C:\Program Files\Pure Networks
2007-10-25 16:04   81   ----a-w   C:\CTX.DAT
2007-08-12 20:35   47,360   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-01-13_ 1.32.32.72   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 06:16:52   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 00:40:46   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 06:16:52   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 00:40:46   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 06:16:52   4,780,032   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 00:40:46   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 06:16:52   204,800   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 00:40:46   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 06:16:52   237,568   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 00:40:46   4,780,032   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 06:16:52   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 00:40:46   204,800   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA16FE06-B462-470E-9653-79C54B1871FF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFC2F35C-CD72-4378-B983-0A90B6AE7622}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-10 22:05 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-10 22:05 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-10 22:05 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-10 22:05 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-10 22:05 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 03:56 544768 C:\WINDOWS\sm56hlpr.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask     .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-10 22:04 180269]
"tgcmdprovidersbc"="C:\Program Files\Support.com\bin\tgcmd.exe" [2008-01-10 22:04 1544192]
"InfeStop"="C:\Program Files\InfeStop\InfeStopRemover.exe" [2007-12-25 10:34 229814]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-01-09 20:06 5562368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 PCD5SRVC;PCD5SRVC - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 23:31:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 18:48:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 18:55:17 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-14 00:55:13
ComboFix2.txt  2008-01-13 07:33:04
ComboFix3.txt  2007-10-30 00:25:42
.
2008-01-09 09:05:13   --- E O F --- 
sleepypunk1111
« Reply #13 on: January 14, 2008, 01:05:44 AM »

hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 7:05:39 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [20c42d77] rundll32.exe "C:\WINDOWS\system32\adyveuml.dll",b
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win84.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfud.dll,startup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4587] command /c del "C:\WINDOWS\system32\jkhfd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3428] cmd /c del "C:\WINDOWS\system32\jkhfd.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD5756] cmd /c del "C:\WINDOWS\system32\ddcyx.dll_old"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179489774609
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

Pancake
Global Moderator
« Reply #14 on: January 14, 2008, 02:48:34 AM »


And a few more to delete



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [20c42d77] rundll32.exe "C:\WINDOWS\system32\adyveuml.dll",b
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win84.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfud.dll,startup
O4 - HKLM\..\RunOnce: [SpybotDeletingA4587] command /c del "C:\WINDOWS\system32\jkhfd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3428] cmd /c del "C:\WINDOWS\system32\jkhfd.dll_old"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD5756] cmd /c del "C:\WINDOWS\system32\ddcyx.dll_old"
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

Reboot.................

=============================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote

KillAll::

File::
C:\WINDOWS\system32\jkhfd.dll_old
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\ddcyx.dll_old
C:\Windows\xpupdate.exe
C:\WINDOWS\TEMP\win84.exe
C:\WINDOWS\system32\adyveuml.dll

Folder::
 C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA16FE06-B462-470E-9653-79C54B1871FF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFC2F35C-CD72-4378-B983-0A90B6AE7622}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"ctfmona"=-
 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, please.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

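Added example (not part of the thread, and not the helper's own method): a small triage pass over O4 autorun lines copied from the HijackThis log in reply #13, showing which naming and path patterns make several of the entries in the fix list stand out. The rule set, the `KNOWN_SYSTEM` list and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple

# O4 lines copied from the HijackThis log in reply #13 (subset).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [20c42d77] rundll32.exe "C:\WINDOWS\system32\adyveuml.dll",b
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win84.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfud.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
'''

# Assumption: a short list of genuine Windows binaries that look-alike names imitate.
KNOWN_SYSTEM = ("ctfmon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "explorer.exe")

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    reasons: List[str]


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def target_of(cmd: str):
    """Return (file the autorun really loads, launched_via_rundll32)."""
    cmd = cmd.strip()
    m = re.match(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', cmd, re.I)
    if m:
        return m.group(1), True
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0], False
    m = re.match(r'(.*?\.exe)', cmd, re.I)
    return (m.group(1) if m else cmd), False


def classify(target: str, via_rundll32: bool) -> List[str]:
    reasons = []
    base = target.rsplit('\\', 1)[-1].lower()
    if re.search(r'\s\.(exe|dll)$', base):        # "qttask    .exe"
        reasons.append('padded-extension')
    if re.search(r'\\te?mp\\', target, re.I):     # autorun out of a temp folder
        reasons.append('temp-path')
    for known in KNOWN_SYSTEM:                    # near-miss of a system binary name
        if 0 < edit_distance(base, known) <= 2:
            reasons.append('lookalike:' + known)
            break
    if via_rundll32:                              # weak signal: review the DLL itself
        reasons.append('rundll32-autorun')
    return reasons


def triage(log: str) -> List[Finding]:
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, _key, name, cmd = m.groups()
        target, via = target_of(cmd)
        reasons = classify(target, via)
        if reasons:
            findings.append(Finding(hive, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive:5} [{f.name}] {f.target} -> {', '.join(f.reasons)}")
```

`C:\Windows\xpupdate.exe`, which is also on the fix list, triggers none of these rules: name and path heuristics only prioritise entries for review and do not replace checking the file itself.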