Infected with several viruses. [RESOLVED]


#1
Daniel Q.

  • Member
  • 14 posts
Hello all,

I would like to first thank you guys for reading the post.

Anyway, about a week ago my dumb brother decided to open a suspicious file, a weird application that claimed to contain a serial number for a program. I am guessing this caused the virus, since I'm overly cautious about anything I open. Don't worry though, he is dead .... Jk.

Ok, well, so I was browsing through some posts and figured out that I had Vundo, so I did the whole restart-in-safe-mode thing with ATF and also AVG. When the infections came up I saw that I not only had Vundo but other creepers as well. I removed and cleaned everything that came up (cleaned, not quarantined). Upon restarting my computer, I realized that I still have critical errors popping up, and a weird site also opens scanning my system for viruses.

Here is my Hijackthis log and once again thank you for the assistance.


logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:01 PM, on 1/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nplbnipu.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\System32\drvpov.dll,startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [381625df] rundll32.exe "C:\WINDOWS\System32\tlptnqwa.dll",b
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\nplbnipu.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3508 bytes

#2
JSntgRvr

  • Global Moderator
  • 11,037 posts
Hi, Daniel Q. :)

Welcome.

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

#3
Daniel Q.

  • Topic Starter
  • Member
  • 14 posts
Diagnostic Report (1.7.0066.0):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {C2F27FB7-0017-4961-8137-762BC534F156}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_16E0B333-147-80004005
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2989-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

Edited by JSntgRvr, 26 January 2008 - 05:48 AM.

#4
JSntgRvr

  • Global Moderator
  • 11,037 posts
Hi, Daniel Q. :)

You must go to Windows Updates and Validate your copy of Windows. Failing to do so, no updates will be available to your computer and we will be wasting our time, as without those updates your computer will be open for infection.

Please go to Windows Updates and Validate:

http://www.windowsup...7a&mg_id=20527b

Once done, run the MGADiag.exe once again and post the report with a fresh Hijackthis log.

#5
Daniel Q.

  • Topic Starter
  • Member
  • 14 posts
All right, here we go,

Diagnostic Report (1.7.0066.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {C2F27FB7-0017-4961-8137-762BC534F156}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2989-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Edited by JSntgRvr, 26 January 2008 - 12:18 PM.

#6
JSntgRvr

  • Global Moderator
  • 11,037 posts
Hi, Daniel Q. :)

We are now in business. Please accept and install all updates that may be available for you, except for SP2. This last one should be installed only after your computer is cleaned.

Please download VundoFix.exe to your desktop.

Note: In the event you already have Vundofix, this is a new version that I need you to download.
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
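
The case in the VundoFix note above, where a file could not be removed, can be triaged by checking that file against a HijackThis log to see what is still holding it. This is an added example, not part of the original post or of either tool; the log lines, file names and function names are constructed for illustration, in the line formats those tools write.

```python
import re

# Constructed sample input (hypothetical file names), in the line formats
# that VundoFix and HijackThis write.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\aaaexample.dll
C:\WINDOWS\system32\aaaexample.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbbexample.exe
C:\WINDOWS\system32\bbbexample.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cccexample.dll
C:\WINDOWS\system32\cccexample.dll Could not be deleted.
"""

HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\bbbexample.exe

O4 - HKLM\..\Run: [ExampleRun] rundll32.exe "C:\WINDOWS\System32\aaaexample.dll",b
O23 - Service: ExampleService - Unknown owner - C:\WINDOWS\System32\bbbexample.exe
"""

# "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$"
)
# HijackThis entry prefix such as "O4 - " or "O23 - "
ENTRY_RE = re.compile(r"^([ORF]\d+) - ")
KINDS = {"O4": "O4 autostart", "O23": "O23 service"}


def removal_results(vundofix_log):
    """Map each lowercased path to 'deleted' or 'failed'.

    Windows paths are case-insensitive, so keys are lowercased. A file that
    fails in one pass but is deleted in a later one counts as deleted.
    """
    status = {}
    for raw in vundofix_log.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        key = m.group("path").lower()
        if m.group("res").startswith("Has been"):
            status[key] = "deleted"
        else:
            status.setdefault(key, "failed")
    return status


def hijackthis_references(hjt_log):
    """Return (kind, lowercased line) for running processes and O/R/F entries."""
    refs = []
    in_processes = False
    for raw in hjt_log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                refs.append(("running process", line.lower()))
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            refs.append((KINDS.get(m.group(1), m.group(1)), line.lower()))
    return refs


def explain_failures(vundofix_log, hjt_log):
    """For each file that could not be deleted, list where HijackThis shows it.

    An empty list means the log has no full-path reference to the file, for
    example a DLL loaded inside another process, which the process list
    (executables only) does not show.
    """
    refs = hijackthis_references(hjt_log)
    report = {}
    for path, state in removal_results(vundofix_log).items():
        if state == "failed":
            report[path] = sorted({kind for kind, text in refs if path in text})
    return report


if __name__ == "__main__":
    for path, kinds in explain_failures(VUNDOFIX_LOG, HIJACKTHIS_LOG).items():
        print(path, "->", ", ".join(kinds) or "no reference in HijackThis log")
```

Entries that name a file without its full path, or with an 8.3 short name, are not matched by this comparison.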

#7
Daniel Q.

  • Topic Starter
  • Member
  • 14 posts
VundoFix V6.7.7

Checking Java version...

Scan started at 6:42:34 PM 1/26/2008

Listing files found while scanning....

C:\WINDOWS\system32\dqhkhdsc.dll
C:\windows\system32\drvpovr.dll
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\System32\iewcrkvu.dll
C:\windows\system32\iewcrkvu.dllbox
C:\WINDOWS\system32\jfoggjlc.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\keidvfqq.dll
C:\WINDOWS\system32\ldecenvx.dll
C:\WINDOWS\system32\nplbnipu.exe
C:\WINDOWS\system32\sfepwkff.exe
C:\WINDOWS\system32\ssqrsro.dll
C:\WINDOWS\system32\winjgf32.dll
C:\WINDOWS\system32\xooupmlq.exe
C:\WINDOWS\system32\xpikronn.dll
C:\WINDOWS\system32\yayxvww.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dqhkhdsc.dll
C:\WINDOWS\system32\dqhkhdsc.dll Has been deleted!

Attempting to delete C:\windows\system32\drvpovr.dll
C:\windows\system32\drvpovr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\iewcrkvu.dll
C:\WINDOWS\System32\iewcrkvu.dll Has been deleted!

Attempting to delete C:\windows\system32\iewcrkvu.dllbox
C:\windows\system32\iewcrkvu.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\jfoggjlc.dll
C:\WINDOWS\system32\jfoggjlc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\jkhff.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\keidvfqq.dll
C:\WINDOWS\system32\keidvfqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ldecenvx.dll
C:\WINDOWS\system32\ldecenvx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nplbnipu.exe
C:\WINDOWS\system32\nplbnipu.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sfepwkff.exe
C:\WINDOWS\system32\sfepwkff.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrsro.dll
C:\WINDOWS\system32\ssqrsro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winjgf32.dll
C:\WINDOWS\system32\winjgf32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xooupmlq.exe
C:\WINDOWS\system32\xooupmlq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xpikronn.dll
C:\WINDOWS\system32\xpikronn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxvww.dll
C:\WINDOWS\system32\yayxvww.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\nplbnipu.exe
C:\WINDOWS\system32\nplbnipu.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqrsro.dll
C:\WINDOWS\system32\ssqrsro.dll Could not be deleted.

Performing Repairs to the registry.
Done!






Combofix:
ComboFix 08-01-23.1C - Daniel 2008-01-26 19:24:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.357 [GMT -5:00]
Running from: C:\Documents and Settings\Daniel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daniel\My Documents\pos1137.tmp
C:\Documents and Settings\Daniel\My Documents\pos1196.tmp
C:\Documents and Settings\Daniel\My Documents\pos1197.tmp
C:\Documents and Settings\Daniel\My Documents\pos1198.tmp
C:\Documents and Settings\Daniel\My Documents\pos1199.tmp
C:\Documents and Settings\Daniel\My Documents\pos119A.tmp
C:\Documents and Settings\Daniel\My Documents\pos119B.tmp
C:\Documents and Settings\Daniel\My Documents\pos119C.tmp
C:\Documents and Settings\Daniel\My Documents\pos119D.tmp
C:\Documents and Settings\Daniel\My Documents\pos119E.tmp
C:\Documents and Settings\Daniel\My Documents\pos119F.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11A9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AD.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11AF.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11B9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BD.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11BF.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11C9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CD.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11CF.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11D9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DD.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11DF.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11E9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11EA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11EB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11EC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11ED.tmp
C:\Documents and Settings\Daniel\My Documents\pos11EE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11EF.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F0.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F1.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F2.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F3.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F4.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F5.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F6.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F7.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F8.tmp
C:\Documents and Settings\Daniel\My Documents\pos11F9.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FA.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FB.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FC.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FD.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FE.tmp
C:\Documents and Settings\Daniel\My Documents\pos11FF.tmp
C:\Documents and Settings\Daniel\My Documents\pos1200.tmp
C:\Documents and Settings\Daniel\My Documents\pos1201.tmp
C:\Documents and Settings\Daniel\My Documents\pos1202.tmp
C:\Documents and Settings\Daniel\My Documents\pos1203.tmp
C:\Documents and Settings\Daniel\My Documents\pos1204.tmp
C:\Documents and Settings\Daniel\My Documents\pos1205.tmp
C:\Documents and Settings\Daniel\My Documents\pos1206.tmp
C:\Documents and Settings\Daniel\My Documents\pos1207.tmp
C:\Documents and Settings\Daniel\My Documents\pos1208.tmp
C:\Documents and Settings\Daniel\My Documents\pos1209.tmp
C:\Documents and Settings\Daniel\My Documents\pos120A.tmp
C:\Documents and Settings\Daniel\My Documents\pos120B.tmp
C:\Documents and Settings\Daniel\My Documents\pos120C.tmp
C:\Documents and Settings\Daniel\My Documents\pos120D.tmp
C:\Documents and Settings\Daniel\My Documents\pos120E.tmp
C:\Documents and Settings\Daniel\My Documents\pos120F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1210.tmp
C:\Documents and Settings\Daniel\My Documents\pos1211.tmp
C:\Documents and Settings\Daniel\My Documents\pos1212.tmp
C:\Documents and Settings\Daniel\My Documents\pos1213.tmp
C:\Documents and Settings\Daniel\My Documents\pos1214.tmp
C:\Documents and Settings\Daniel\My Documents\pos1215.tmp
C:\Documents and Settings\Daniel\My Documents\pos1216.tmp
C:\Documents and Settings\Daniel\My Documents\pos1217.tmp
C:\Documents and Settings\Daniel\My Documents\pos1218.tmp
C:\Documents and Settings\Daniel\My Documents\pos1219.tmp
C:\Documents and Settings\Daniel\My Documents\pos121A.tmp
C:\Documents and Settings\Daniel\My Documents\pos121B.tmp
C:\Documents and Settings\Daniel\My Documents\pos121C.tmp
C:\Documents and Settings\Daniel\My Documents\pos121D.tmp
C:\Documents and Settings\Daniel\My Documents\pos121E.tmp
C:\Documents and Settings\Daniel\My Documents\pos121F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1220.tmp
C:\Documents and Settings\Daniel\My Documents\pos1221.tmp
C:\Documents and Settings\Daniel\My Documents\pos1222.tmp
C:\Documents and Settings\Daniel\My Documents\pos1223.tmp
C:\Documents and Settings\Daniel\My Documents\pos1224.tmp
C:\Documents and Settings\Daniel\My Documents\pos1225.tmp
C:\Documents and Settings\Daniel\My Documents\pos1226.tmp
C:\Documents and Settings\Daniel\My Documents\pos1227.tmp
C:\Documents and Settings\Daniel\My Documents\pos1228.tmp
C:\Documents and Settings\Daniel\My Documents\pos1229.tmp
C:\Documents and Settings\Daniel\My Documents\pos122A.tmp
C:\Documents and Settings\Daniel\My Documents\pos122B.tmp
C:\Documents and Settings\Daniel\My Documents\pos122C.tmp
C:\Documents and Settings\Daniel\My Documents\pos122D.tmp
C:\Documents and Settings\Daniel\My Documents\pos122E.tmp
C:\Documents and Settings\Daniel\My Documents\pos122F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1230.tmp
C:\Documents and Settings\Daniel\My Documents\pos1231.tmp
C:\Documents and Settings\Daniel\My Documents\pos1232.tmp
C:\Documents and Settings\Daniel\My Documents\pos1233.tmp
C:\Documents and Settings\Daniel\My Documents\pos1234.tmp
C:\Documents and Settings\Daniel\My Documents\pos1235.tmp
C:\Documents and Settings\Daniel\My Documents\pos1236.tmp
C:\Documents and Settings\Daniel\My Documents\pos1237.tmp
C:\Documents and Settings\Daniel\My Documents\pos1238.tmp
C:\Documents and Settings\Daniel\My Documents\pos1239.tmp
C:\Documents and Settings\Daniel\My Documents\pos123A.tmp
C:\Documents and Settings\Daniel\My Documents\pos123B.tmp
C:\Documents and Settings\Daniel\My Documents\pos123C.tmp
C:\Documents and Settings\Daniel\My Documents\pos123D.tmp
C:\Documents and Settings\Daniel\My Documents\pos123E.tmp
C:\Documents and Settings\Daniel\My Documents\pos123F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1240.tmp
C:\Documents and Settings\Daniel\My Documents\pos1241.tmp
C:\Documents and Settings\Daniel\My Documents\pos1242.tmp
C:\Documents and Settings\Daniel\My Documents\pos1243.tmp
C:\Documents and Settings\Daniel\My Documents\pos1244.tmp
C:\Documents and Settings\Daniel\My Documents\pos1245.tmp
C:\Documents and Settings\Daniel\My Documents\pos1246.tmp
C:\Documents and Settings\Daniel\My Documents\pos1247.tmp
C:\Documents and Settings\Daniel\My Documents\pos1248.tmp
C:\Documents and Settings\Daniel\My Documents\pos1249.tmp
C:\Documents and Settings\Daniel\My Documents\pos124A.tmp
C:\Documents and Settings\Daniel\My Documents\pos124B.tmp
C:\Documents and Settings\Daniel\My Documents\pos124C.tmp
C:\Documents and Settings\Daniel\My Documents\pos124D.tmp
C:\Documents and Settings\Daniel\My Documents\pos124E.tmp
C:\Documents and Settings\Daniel\My Documents\pos124F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1250.tmp
C:\Documents and Settings\Daniel\My Documents\pos1251.tmp
C:\Documents and Settings\Daniel\My Documents\pos1252.tmp
C:\Documents and Settings\Daniel\My Documents\pos1253.tmp
C:\Documents and Settings\Daniel\My Documents\pos1254.tmp
C:\Documents and Settings\Daniel\My Documents\pos1255.tmp
C:\Documents and Settings\Daniel\My Documents\pos1256.tmp
C:\Documents and Settings\Daniel\My Documents\pos1257.tmp
C:\Documents and Settings\Daniel\My Documents\pos1258.tmp
C:\Documents and Settings\Daniel\My Documents\pos1259.tmp
C:\Documents and Settings\Daniel\My Documents\pos125A.tmp
C:\Documents and Settings\Daniel\My Documents\pos125B.tmp
C:\Documents and Settings\Daniel\My Documents\pos125C.tmp
C:\Documents and Settings\Daniel\My Documents\pos125D.tmp
C:\Documents and Settings\Daniel\My Documents\pos125E.tmp
C:\Documents and Settings\Daniel\My Documents\pos125F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1260.tmp
C:\Documents and Settings\Daniel\My Documents\pos1261.tmp
C:\Documents and Settings\Daniel\My Documents\pos1262.tmp
C:\Documents and Settings\Daniel\My Documents\pos1263.tmp
C:\Documents and Settings\Daniel\My Documents\pos1264.tmp
C:\Documents and Settings\Daniel\My Documents\pos1265.tmp
C:\Documents and Settings\Daniel\My Documents\pos1266.tmp
C:\Documents and Settings\Daniel\My Documents\pos1267.tmp
C:\Documents and Settings\Daniel\My Documents\pos1268.tmp
C:\Documents and Settings\Daniel\My Documents\pos1269.tmp
C:\Documents and Settings\Daniel\My Documents\pos126A.tmp
C:\Documents and Settings\Daniel\My Documents\pos126B.tmp
C:\Documents and Settings\Daniel\My Documents\pos126C.tmp
C:\Documents and Settings\Daniel\My Documents\pos126D.tmp
C:\Documents and Settings\Daniel\My Documents\pos126E.tmp
C:\Documents and Settings\Daniel\My Documents\pos126F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1270.tmp
C:\Documents and Settings\Daniel\My Documents\pos1271.tmp
C:\Documents and Settings\Daniel\My Documents\pos1272.tmp
C:\Documents and Settings\Daniel\My Documents\pos1273.tmp
C:\Documents and Settings\Daniel\My Documents\pos1274.tmp
C:\Documents and Settings\Daniel\My Documents\pos1275.tmp
C:\Documents and Settings\Daniel\My Documents\pos1276.tmp
C:\Documents and Settings\Daniel\My Documents\pos1277.tmp
C:\Documents and Settings\Daniel\My Documents\pos1278.tmp
C:\Documents and Settings\Daniel\My Documents\pos1279.tmp
C:\Documents and Settings\Daniel\My Documents\pos127A.tmp
C:\Documents and Settings\Daniel\My Documents\pos127B.tmp
C:\Documents and Settings\Daniel\My Documents\pos127C.tmp
C:\Documents and Settings\Daniel\My Documents\pos127D.tmp
C:\Documents and Settings\Daniel\My Documents\pos127E.tmp
C:\Documents and Settings\Daniel\My Documents\pos127F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1280.tmp
C:\Documents and Settings\Daniel\My Documents\pos1281.tmp
C:\Documents and Settings\Daniel\My Documents\pos1282.tmp
C:\Documents and Settings\Daniel\My Documents\pos1283.tmp
C:\Documents and Settings\Daniel\My Documents\pos1284.tmp
C:\Documents and Settings\Daniel\My Documents\pos1285.tmp
C:\Documents and Settings\Daniel\My Documents\pos1286.tmp
C:\Documents and Settings\Daniel\My Documents\pos1287.tmp
C:\Documents and Settings\Daniel\My Documents\pos1288.tmp
C:\Documents and Settings\Daniel\My Documents\pos1289.tmp
C:\Documents and Settings\Daniel\My Documents\pos128A.tmp
C:\Documents and Settings\Daniel\My Documents\pos128B.tmp
C:\Documents and Settings\Daniel\My Documents\pos128C.tmp
C:\Documents and Settings\Daniel\My Documents\pos128D.tmp
C:\Documents and Settings\Daniel\My Documents\pos128E.tmp
C:\Documents and Settings\Daniel\My Documents\pos128F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1290.tmp
C:\Documents and Settings\Daniel\My Documents\pos1291.tmp
C:\Documents and Settings\Daniel\My Documents\pos1292.tmp
C:\Documents and Settings\Daniel\My Documents\pos1293.tmp
C:\Documents and Settings\Daniel\My Documents\pos1294.tmp
C:\Documents and Settings\Daniel\My Documents\pos1295.tmp
C:\Documents and Settings\Daniel\My Documents\pos1296.tmp
C:\Documents and Settings\Daniel\My Documents\pos1297.tmp
C:\Documents and Settings\Daniel\My Documents\pos1298.tmp
C:\Documents and Settings\Daniel\My Documents\pos1299.tmp
C:\Documents and Settings\Daniel\My Documents\pos129A.tmp
C:\Documents and Settings\Daniel\My Documents\pos129B.tmp
C:\Documents and Settings\Daniel\My Documents\pos129C.tmp
C:\Documents and Settings\Daniel\My Documents\pos129D.tmp
C:\Documents and Settings\Daniel\My Documents\pos129E.tmp
C:\Documents and Settings\Daniel\My Documents\pos129F.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12A9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AD.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12AF.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12B9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BD.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12BF.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12C9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CD.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12CF.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12D9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DD.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12DF.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12E9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12EA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12EB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12EC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12ED.tmp
C:\Documents and Settings\Daniel\My Documents\pos12EE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12EF.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F0.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F1.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F2.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F3.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F4.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F5.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F6.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F7.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F8.tmp
C:\Documents and Settings\Daniel\My Documents\pos12F9.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FA.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FB.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FC.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FD.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FE.tmp
C:\Documents and Settings\Daniel\My Documents\pos12FF.tmp
C:\Documents and Settings\Daniel\My Documents\pos1300.tmp
C:\Documents and Settings\Daniel\My Documents\pos1301.tmp
C:\Documents and Settings\Daniel\My Documents\pos1302.tmp
C:\Documents and Settings\Daniel\My Documents\pos1303.tmp
C:\Documents and Settings\Daniel\My Documents\pos1304.tmp
C:\Documents and Settings\Daniel\My Documents\pos1305.tmp
C:\Documents and Settings\Daniel\My Documents\pos1306.tmp
C:\Documents and Settings\Daniel\My Documents\pos1307.tmp
C:\Documents and Settings\Daniel\My Documents\pos1308.tmp
C:\Documents and Settings\Daniel\My Documents\pos1309.tmp
C:\Documents and Settings\Daniel\My Documents\pos130A.tmp
C:\Documents and Settings\Daniel\My Documents\pos130B.tmp
C:\Documents and Settings\Daniel\My Documents\pos130C.tmp
C:\Documents and Settings\Daniel\My Documents\pos130D.tmp
C:\Documents and Settings\Daniel\My Documents\pos130E.tmp
C:\Documents and Settings\Daniel\My Documents\pos130F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1310.tmp
C:\Documents and Settings\Daniel\My Documents\pos1311.tmp
C:\Documents and Settings\Daniel\My Documents\pos1312.tmp
C:\Documents and Settings\Daniel\My Documents\pos1313.tmp
C:\Documents and Settings\Daniel\My Documents\pos1314.tmp
C:\Documents and Settings\Daniel\My Documents\pos1315.tmp
C:\Documents and Settings\Daniel\My Documents\pos1316.tmp
C:\Documents and Settings\Daniel\My Documents\pos1317.tmp
C:\Documents and Settings\Daniel\My Documents\pos1318.tmp
C:\Documents and Settings\Daniel\My Documents\pos1319.tmp
C:\Documents and Settings\Daniel\My Documents\pos131A.tmp
C:\Documents and Settings\Daniel\My Documents\pos131B.tmp
C:\Documents and Settings\Daniel\My Documents\pos131C.tmp
C:\Documents and Settings\Daniel\My Documents\pos131D.tmp
C:\Documents and Settings\Daniel\My Documents\pos131E.tmp
C:\Documents and Settings\Daniel\My Documents\pos131F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1320.tmp
C:\Documents and Settings\Daniel\My Documents\pos1321.tmp
C:\Documents and Settings\Daniel\My Documents\pos1322.tmp
C:\Documents and Settings\Daniel\My Documents\pos1323.tmp
C:\Documents and Settings\Daniel\My Documents\pos1324.tmp
C:\Documents and Settings\Daniel\My Documents\pos1325.tmp
C:\Documents and Settings\Daniel\My Documents\pos1326.tmp
C:\Documents and Settings\Daniel\My Documents\pos1327.tmp
C:\Documents and Settings\Daniel\My Documents\pos1328.tmp
C:\Documents and Settings\Daniel\My Documents\pos1329.tmp
C:\Documents and Settings\Daniel\My Documents\pos132A.tmp
C:\Documents and Settings\Daniel\My Documents\pos132B.tmp
C:\Documents and Settings\Daniel\My Documents\pos132C.tmp
C:\Documents and Settings\Daniel\My Documents\pos132D.tmp
C:\Documents and Settings\Daniel\My Documents\pos132E.tmp
C:\Documents and Settings\Daniel\My Documents\pos132F.tmp
C:\Documents and Settings\Daniel\My Documents\pos1330.tmp
C:\Documents and Settings\Daniel\My Documents\pos1331.tmp
C:\Documents and Settings\Daniel\My Documents\pos1332.tmp
C:\Documents and Settings\Daniel\My Documents\pos1333.tmp
C:\Documents and Settings\Daniel\My Documents\pos1334.tmp
C:\Documents and Settings\Daniel\My Documents\pos1335.tmp
C:\Documents and Settings\Daniel\My Documents&#
  • 0

#8
Daniel Q.

Reposting combofix the file is huge
  • 0

#9
Daniel Q.

Alright, the text limit does not allow me to put a complete ComboFix log.

However, after looking at it, the majority is a whole bunch of .tmp files very similar to the ones in the post before this. However, here is the other part of the ComboFix log, not counting the .tmp files:



C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Helper
C:\Program Files\Helper\Helper9.dll
C:\Program Files\lsass.exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nplbnipu.exe
C:\WINDOWS\system32\ssqrsro.dll
C:\WINDOWS\system32\windows

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\WINDOWS\ehome
2008-01-26 18:51 . 2002-06-14 18:46 19,274 --a------ C:\WINDOWS\000001_.tmp
2008-01-26 18:42 . 2008-01-26 19:16 <DIR> d-------- C:\VundoFix Backups
2008-01-26 09:32 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-01-26 09:32 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-01-26 09:32 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-01-26 09:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-26 09:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-26 09:32 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-01-26 09:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-26 09:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-26 09:32 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-26 09:28 . 2008-01-26 09:29 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
2008-01-26 09:28 . 2008-01-26 09:29 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 22:47 . 2008-01-26 18:36 1,143,052 ---hs---- C:\WINDOWS\system32\xvnecedl.ini
2008-01-24 22:43 . 2008-01-25 22:47 1,142,872 ---hs---- C:\WINDOWS\system32\awqntplt.ini
2008-01-24 21:37 . 2008-01-24 22:38 1,130,158 ---hs---- C:\WINDOWS\system32\nvciskss.ini
2008-01-22 10:14 . 2008-01-22 10:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2008-01-22 09:19 <DIR> d-------- C:\Program Files\Acceleration Software
2008-01-22 09:18 . 2008-01-22 09:18 <DIR> d-------- C:\Program Files\eAcceleration
2008-01-22 09:18 . 2008-01-22 09:19 <DIR> d-------- C:\Program Files\Common Files\eAcceleration
2008-01-22 09:12 . 2008-01-22 09:12 268 --ah----- C:\sqmdata12.sqm
2008-01-22 09:12 . 2008-01-22 09:12 244 --ah----- C:\sqmnoopt12.sqm
2008-01-21 18:52 . 2008-01-22 08:48 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-21 18:51 . 2008-01-21 18:51 268 --ah----- C:\sqmdata11.sqm
2008-01-21 18:51 . 2008-01-21 18:51 244 --ah----- C:\sqmnoopt11.sqm
2008-01-21 09:07 . 2008-01-21 09:07 103,936 --a------ C:\WINDOWS\system32\drvpov.dll
2008-01-20 02:13 . 2008-01-20 02:13 268 --ah----- C:\sqmdata10.sqm
2008-01-20 02:13 . 2008-01-20 02:13 244 --ah----- C:\sqmnoopt10.sqm
2008-01-19 12:37 . 2008-01-19 12:37 268 --ah----- C:\sqmdata09.sqm
2008-01-19 12:37 . 2008-01-19 12:37 244 --ah----- C:\sqmnoopt09.sqm
2008-01-17 14:32 . 2008-01-17 14:32 268 --ah----- C:\sqmdata08.sqm
2008-01-17 14:32 . 2008-01-17 14:32 244 --ah----- C:\sqmnoopt08.sqm
2008-01-16 15:45 . 2008-01-16 15:45 268 --ah----- C:\sqmdata07.sqm
2008-01-16 15:45 . 2008-01-16 15:45 244 --ah----- C:\sqmnoopt07.sqm
2008-01-16 14:31 . 2008-01-18 17:30 <DIR> d-------- C:\Program Files\Opera
2008-01-16 14:21 . 2008-01-16 14:21 268 --ah----- C:\sqmdata06.sqm
2008-01-16 14:21 . 2008-01-16 14:21 244 --ah----- C:\sqmnoopt06.sqm
2008-01-16 13:37 . 2008-01-16 13:37 268 --ah----- C:\sqmdata05.sqm
2008-01-16 13:37 . 2008-01-16 13:37 244 --ah----- C:\sqmnoopt05.sqm
2008-01-16 06:46 . 2008-01-16 06:46 268 --ah----- C:\sqmdata04.sqm
2008-01-16 06:46 . 2008-01-16 06:46 244 --ah----- C:\sqmnoopt04.sqm
2008-01-15 09:11 . 2008-01-15 09:11 268 --ah----- C:\sqmdata03.sqm
2008-01-15 09:11 . 2008-01-15 09:11 244 --ah----- C:\sqmnoopt03.sqm
2008-01-14 22:18 . 2008-01-14 22:18 244 --ah----- C:\sqmnoopt02.sqm
2008-01-14 22:18 . 2008-01-14 22:18 232 --ah----- C:\sqmdata02.sqm
2008-01-10 18:24 . 2003-07-17 09:23 1,129,472 --a------ C:\WINDOWS\system32\msxml3.dll
2008-01-10 18:23 . 2008-01-10 18:23 126,976 --a------ C:\WINDOWS\system32\odbcconf.dll
2008-01-10 18:23 . 2008-01-10 18:23 126,976 --a--c--- C:\WINDOWS\system32\dllcache\odbcconf.dll
2008-01-10 18:23 . 2008-01-10 18:23 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2008-01-10 18:23 . 2008-01-10 18:23 69,632 --a--c--- C:\WINDOWS\system32\dllcache\odbcconf.exe
2008-01-10 18:23 . 2008-01-10 18:23 253 --a------ C:\WINDOWS\system32\mdaccore.rsp
2008-01-10 18:23 . 2008-01-10 18:23 181 --a------ C:\WINDOWS\system32\sqlclnt.rsp
2008-01-10 18:23 . 2008-01-10 18:23 28 --a------ C:\WINDOWS\system32\redist.rsp
2008-01-10 16:52 . 2008-01-22 14:14 <DIR> d-------- C:\Program Files\Steam
2008-01-10 16:29 . 2008-01-10 16:29 <DIR> d-------- C:\Program Files\Ideazon
2008-01-10 16:29 . 2005-05-02 15:41 49,152 --a------ C:\WINDOWS\system32\ZboardConfig.cpl
2008-01-10 16:29 . 2003-09-03 07:14 49,152 --a------ C:\WINDOWS\system32\Winlognotif.dll
2008-01-10 16:28 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-01-10 16:28 . 2002-08-29 02:06 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-01-10 16:28 . 2005-09-22 01:22 30,976 -ra------ C:\WINDOWS\system32\drivers\OmniDrv.sys
2008-01-10 16:28 . 2005-09-22 01:22 28,800 -ra------ C:\WINDOWS\system32\drivers\OmniUsb.sys
2008-01-10 16:28 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-01-10 16:28 . 2002-08-29 01:27 23,424 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-01-10 16:28 . 2001-08-17 13:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-10 16:28 . 2001-08-17 13:48 13,952 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-10 16:28 . 2005-09-22 01:22 9,696 -ra------ C:\WINDOWS\system32\drivers\OmniUsbl.sys
2008-01-10 16:02 . 2002-08-29 03:40 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-10 16:02 . 2002-08-29 03:40 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-10 16:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-10 16:01 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-07 19:16 . 2008-01-07 19:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-07 19:16 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-07 19:16 . 2008-01-10 18:25 453 --a------ C:\WINDOWS\ODBC.INI
2008-01-07 19:15 . 2008-01-07 19:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 19:12 . 2008-01-07 19:12 <DIR> dr-h----- C:\MSOCache
2008-01-07 19:08 . 2008-01-07 19:08 <DIR> d-------- C:\Program Files\MagicISO
2008-01-07 19:06 . 2008-01-22 14:14 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-07 19:03 . 2008-01-07 19:03 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 10:08 . 2008-01-06 10:08 <DIR> d-------- C:\WINDOWS\Sun
2008-01-01 10:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-01 10:50 . 2008-01-01 10:51 <DIR> d-------- C:\Program Files\Java
2008-01-01 10:50 . 2008-01-01 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-31 00:20 . 2007-12-31 00:20 268 --ah----- C:\sqmdata01.sqm
2007-12-31 00:20 . 2007-12-31 00:20 244 --ah----- C:\sqmnoopt01.sqm
2007-12-30 11:33 . 2007-12-30 11:33 268 --ah----- C:\sqmdata00.sqm
2007-12-30 11:33 . 2007-12-30 11:33 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 00:30 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 01:08 --------- d-----w C:\Program Files\World of Warcraft
2008-01-21 14:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 23:25 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-10 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 14:58 --------- d-----w C:\Program Files\DivX
2007-12-24 05:28 --------- d-----w C:\Program Files\Galactic Magnate
2007-12-19 06:37 --------- d-----w C:\Program Files\AutoIt3
2007-12-19 06:23 --------- d-----w C:\Program Files\AIM6
2007-12-19 06:22 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-18 21:21 --------- d-----w C:\Program Files\QuickTime
2007-12-18 21:21 --------- d-----w C:\Program Files\iTunes
2007-12-18 21:21 --------- d-----w C:\Program Files\iPod
2007-12-18 21:20 --------- d-----w C:\Program Files\Apple Software Update
2007-12-18 15:13 --------- d-----w C:\Program Files\WowEquip
2007-12-06 19:35 --------- d-----w C:\Program Files\BitLord
2007-12-04 02:50 --------- d-----w C:\Program Files\Ventrilo
2007-12-04 02:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 01:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-04 01:26 --------- d-----w C:\Program Files\Creative
2007-12-04 01:22 --------- d-----w C:\Program Files\ATI Technologies
2007-12-04 01:21 --------- d-----w C:\Program Files\Intel
2007-12-04 01:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-04 01:12 --------- d-----w C:\Program Files\microsoft frontpage
.
<pre>
----a-w		   290,816 2008-01-22 13:48:49  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w		   135,264 2008-01-22 13:48:48  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w		   486,856 2008-01-22 13:49:03  C:\Program Files\DAEMON Tools Lite\daemon .exe
----a-w		   132,496 2008-01-22 13:48:48  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,266,936 2008-01-22 13:49:07  C:\Program Files\Steam\Steam .exe
----a-w			90,112 2008-01-22 13:48:46  C:\WINDOWS\UpdReg .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e2117bf-4319-4e30-995d-b940bea86d46}]
C:\WINDOWS\System32\xpikronn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"Steam"="C:\Program Files\Steam\Steam.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"MSDrive"="C:\WINDOWS\System32\drvpov.dll" [2008-01-21 09:07 103936]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-11-26 12:40 149152]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-11-26 12:40 132768]
"381625df"="C:\WINDOWS\System32\ldecenvx.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-11-26 12:40 149152]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-11-26 12:40 132768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ZboardTray"= "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-08-29 03:41 1511453 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe


*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 19:31:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\WINDOWS\System32\drvpov.dll
.
Completion time: 2008-01-26 19:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 00:33:46

Edited by Daniel Q., 26 January 2008 - 06:55 PM.


#10
Daniel Q.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:24 PM, on 1/26/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {64d68aeb-049b-d599-03e4-9134fb7112e2} - {2e2117bf-4319-4e30-995d-b940bea86d46} - C:\WINDOWS\System32\xpikronn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\System32\drvpov.dll,startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [381625df] rundll32.exe "C:\WINDOWS\System32\ldecenvx.dll",b
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201357860359
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4232 bytes

#11
JSntgRvr
Hi, Daniel Q. :)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\xvnecedl.ini
C:\WINDOWS\system32\awqntplt.ini
C:\WINDOWS\system32\nvciskss.ini
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\System32\xpikronn.dll
C:\WINDOWS\System32\drvpov.dll
C:\WINDOWS\System32\ldecenvx.dll

RenV::
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Steam\Steam .exe
C:\WINDOWS\UpdReg .EXE

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e2117bf-4319-4e30-995d-b940bea86d46}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDrive"=-
"381625df"=-

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Let's check for remnants:

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information along with a Hijackthis log in your next post.


#12
Daniel Q.
ComboFix 08-01-23.1C - Daniel 2008-01-26 22:40:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.356 [GMT -5:00]
Running from: C:\Documents and Settings\Daniel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daniel\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\awqntplt.ini
C:\WINDOWS\System32\drvpov.dll
C:\WINDOWS\System32\ldecenvx.dll
C:\WINDOWS\system32\nvciskss.ini
C:\WINDOWS\System32\xpikronn.dll
C:\WINDOWS\system32\xvnecedl.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\awqntplt.ini
C:\WINDOWS\System32\drvpov.dll
C:\WINDOWS\system32\nvciskss.ini
C:\WINDOWS\system32\xvnecedl.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 19:50 . 2008-01-26 19:50 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$
2008-01-26 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\WINDOWS\ehome
2008-01-26 18:49 . 2005-10-20 17:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-01-26 18:42 . 2008-01-26 19:16 <DIR> d-------- C:\VundoFix Backups
2008-01-26 09:32 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-01-26 09:32 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-01-26 09:32 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-01-26 09:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-26 09:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-26 09:32 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-01-26 09:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-26 09:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-26 09:32 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-26 09:28 . 2008-01-26 09:29 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
2008-01-26 09:28 . 2008-01-26 09:29 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-22 10:14 . 2008-01-22 10:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2008-01-22 09:19 <DIR> d-------- C:\Program Files\Acceleration Software
2008-01-22 09:18 . 2008-01-22 09:18 <DIR> d-------- C:\Program Files\eAcceleration
2008-01-22 09:18 . 2008-01-22 09:19 <DIR> d-------- C:\Program Files\Common Files\eAcceleration
2008-01-21 18:52 . 2008-01-22 08:48 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-01-16 14:31 . 2008-01-18 17:30 <DIR> d-------- C:\Program Files\Opera
2008-01-10 18:24 . 2006-03-07 13:27 507,904 --a--c--- C:\WINDOWS\system32\dllcache\msado15.dll
2008-01-10 18:23 . 2008-01-10 18:23 126,976 --a------ C:\WINDOWS\system32\odbcconf.dll
2008-01-10 18:23 . 2008-01-10 18:23 126,976 --a--c--- C:\WINDOWS\system32\dllcache\odbcconf.dll
2008-01-10 18:23 . 2008-01-10 18:23 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2008-01-10 18:23 . 2008-01-10 18:23 69,632 --a--c--- C:\WINDOWS\system32\dllcache\odbcconf.exe
2008-01-10 18:23 . 2008-01-10 18:23 253 --a------ C:\WINDOWS\system32\mdaccore.rsp
2008-01-10 18:23 . 2008-01-10 18:23 181 --a------ C:\WINDOWS\system32\sqlclnt.rsp
2008-01-10 18:23 . 2008-01-10 18:23 28 --a------ C:\WINDOWS\system32\redist.rsp
2008-01-10 16:52 . 2008-01-26 22:40 <DIR> d-------- C:\Program Files\Steam
2008-01-10 16:29 . 2008-01-10 16:29 <DIR> d-------- C:\Program Files\Ideazon
2008-01-10 16:29 . 2005-05-02 15:41 49,152 --a------ C:\WINDOWS\system32\ZboardConfig.cpl
2008-01-10 16:29 . 2003-09-03 07:14 49,152 --a------ C:\WINDOWS\system32\Winlognotif.dll
2008-01-10 16:28 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-01-10 16:28 . 2002-08-29 02:06 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-01-10 16:28 . 2005-09-22 01:22 30,976 -ra------ C:\WINDOWS\system32\drivers\OmniDrv.sys
2008-01-10 16:28 . 2005-09-22 01:22 28,800 -ra------ C:\WINDOWS\system32\drivers\OmniUsb.sys
2008-01-10 16:28 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-01-10 16:28 . 2002-08-29 01:27 23,424 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-01-10 16:28 . 2001-08-17 13:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-10 16:28 . 2001-08-17 13:48 13,952 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-10 16:28 . 2005-09-22 01:22 9,696 -ra------ C:\WINDOWS\system32\drivers\OmniUsbl.sys
2008-01-10 16:02 . 2002-08-29 03:40 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-10 16:02 . 2002-08-29 03:40 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-10 16:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-10 16:01 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-07 19:16 . 2008-01-07 19:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-07 19:16 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-07 19:16 . 2008-01-10 18:25 453 --a------ C:\WINDOWS\ODBC.INI
2008-01-07 19:15 . 2008-01-07 19:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 19:12 . 2008-01-07 19:12 <DIR> dr-h----- C:\MSOCache
2008-01-07 19:08 . 2008-01-07 19:08 <DIR> d-------- C:\Program Files\MagicISO
2008-01-07 19:06 . 2008-01-26 22:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-07 19:03 . 2008-01-07 19:03 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 10:08 . 2008-01-06 10:08 <DIR> d-------- C:\WINDOWS\Sun
2008-01-01 10:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-01 10:50 . 2008-01-01 10:51 <DIR> d-------- C:\Program Files\Java
2008-01-01 10:50 . 2008-01-01 10:50 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 00:30 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 01:08 --------- d-----w C:\Program Files\World of Warcraft
2008-01-21 14:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 23:25 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-10 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 14:58 --------- d-----w C:\Program Files\DivX
2007-12-24 05:28 --------- d-----w C:\Program Files\Galactic Magnate
2007-12-19 06:37 --------- d-----w C:\Program Files\AutoIt3
2007-12-19 06:23 --------- d-----w C:\Program Files\AIM6
2007-12-19 06:22 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-18 21:21 --------- d-----w C:\Program Files\QuickTime
2007-12-18 21:21 --------- d-----w C:\Program Files\iTunes
2007-12-18 21:21 --------- d-----w C:\Program Files\iPod
2007-12-18 21:20 --------- d-----w C:\Program Files\Apple Software Update
2007-12-18 15:13 --------- d-----w C:\Program Files\WowEquip
2007-12-06 19:35 --------- d-----w C:\Program Files\BitLord
2007-12-04 02:50 --------- d-----w C:\Program Files\Ventrilo
2007-12-04 02:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 01:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-04 01:26 --------- d-----w C:\Program Files\Creative
2007-12-04 01:22 --------- d-----w C:\Program Files\ATI Technologies
2007-12-04 01:21 --------- d-----w C:\Program Files\Intel
2007-12-04 01:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-04 01:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 01:11 558,142 ----a-w C:\WINDOWS\java\Packages\O1ZJRHB1.ZIP
2007-12-04 01:11 155,995 ----a-w C:\WINDOWS\java\Packages\1R7FLF3F.ZIP
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( [email protected]_19.33.26.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-02-20 22:39:04 73,728 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\dbnetlib.dll
+ 2003-02-20 22:39:44 28,672 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\dbnmpntw.dll
+ 2003-02-20 22:38:58 315,392 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadce.dll
+ 2003-02-20 22:39:08 135,168 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadco.dll
+ 2003-02-20 22:39:10 49,152 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadcs.dll
+ 2003-02-20 22:39:00 147,456 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadds.dll
+ 2003-02-20 22:39:00 512,000 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msado15.dll
+ 2003-02-20 22:39:16 163,840 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadomd.dll
+ 2003-02-20 22:39:16 184,320 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadox.dll
+ 2003-02-20 22:39:00 53,248 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadrh15.dll
+ 2003-02-20 22:39:20 225,280 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdaora.dll
+ 2003-02-20 22:39:00 192,512 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdaprst.dll
+ 2003-02-20 22:39:00 143,360 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdart.dll
+ 2003-02-20 22:39:00 303,104 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdasql.dll
+ 2003-02-20 22:39:30 139,264 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msorcl32.dll
+ 2003-02-20 22:39:02 221,184 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\odbc32.dll
+ 2003-02-20 22:39:42 24,576 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\odbcbcp.dll
+ 2003-02-20 22:39:02 442,368 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\oledb32.dll
+ 2006-02-17 19:04:44 213,216 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\spuninst.exe
+ 2006-03-07 18:27:42 1,843,712 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\SQLSTPCustomDLL.dll
+ 2006-02-17 19:04:48 371,424 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\updspapi.dll
+ 2003-02-20 22:39:06 503,808 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqloledb.dll
+ 2003-02-20 22:39:04 401,408 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqlsrv32.dll
+ 2003-02-20 21:28:06 204,800 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqlxmlx.dll
- 2008-01-10 23:28:40 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-27 00:54:37 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-01-10 23:28:44 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-27 00:54:47 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-01-10 23:28:45 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-27 00:54:48 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-01-10 23:28:45 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-27 00:54:49 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-01-10 23:28:43 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-27 00:54:44 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-01-10 23:28:38 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-27 00:54:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-01-10 23:28:38 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-27 00:54:34 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-01-10 23:28:47 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-27 00:54:55 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-01-10 23:28:41 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-27 00:54:40 5,029,888 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-01-10 23:28:40 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-27 00:54:37 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-01-10 23:28:38 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-27 00:54:34 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-01-10 23:28:39 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

Edited by JSntgRvr, 27 January 2008 - 05:40 AM.


#13
Daniel Q.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:04 AM, on 1/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201357860359
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4065 bytes

#14
Daniel Q.

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 12:18:27 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 533802
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 55035
Number of viruses found: 15
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 01:16:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\cert8.db Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\history.dat Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\key3.db Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\parent.lock Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Daniel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Desktop\Adobe Photoshop CS2\crack.exe Infected: Trojan-Downloader.Win32.Murlo.ji skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdguezpd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temp\fla16.tmp Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\DYTMJXAR\AntiVirusInstallFreeNM_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\DYTMJXAR\tr[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\apst377[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.ez skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\gamadril20071203[1] Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.ede skipped
C:\Documents and Settings\Daniel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Daniel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Helper\Helper9.dll.vir Infected: Trojan-Downloader.Win32.BHO.cf skipped
C:\QooBox\Quarantine\C\Program Files\MSN Messenger\msnmsgr.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OinFP.exe.vir Infected: Trojan-Downloader.Win32.Agent.hjs skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drvpov.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhff.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nplbnipu.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\VundoFix Backups\iewcrkvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\jkhff.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\jkhff.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\keidvfqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\nplbnipu.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\sfepwkff.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\winjgf32.dll.bad Infected: Trojan.Win32.Dialer.yz skipped
C:\VundoFix Backups\xooupmlq.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\yayxvww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9ACBE4A4-9FEF-4509-8B76-5B2EC8BDCE1B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#15
JSntgRvr

Hi, Daniel Q. :)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\Documents and Settings\Daniel\Desktop\Adobe Photoshop CS2\crack.exe
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\DYTMJXAR\AntiVirusInstallFreeNM_en[1].exe
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\DYTMJXAR\tr[1]
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\apst377[1]
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\gamadril20071203[1]
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\K9MB0DQF\hctp[1]

Folder::
C:\VundoFix Backups

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

How is the computer doing?