Please help me [RESOLVED]



#1
ken65

    Member

  • Member
  • 32 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09, on 2008-01-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\showme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.canoe.ca/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: (no name) - {FFF29BE4-24AC-4E31-B99B-45238B764111} - C:\WINDOWS\SYSTEM32\xxyabyy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [system] HostLogin.exe
O4 - HKLM\..\RunServices: [Windows Updater] winExplore.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - http://eserv.sympati...adaPortalAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyabyy - C:\WINDOWS\
O20 - Winlogon Notify: zlwzqgad - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11541 bytes

Edited by ken65, 25 January 2008 - 11:30 PM.


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ken65


Welcome to G2Go. :)
===============
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


#3
ken65

    Member

  • Topic Starter
  • Member
  • 32 posts
Hi, thanks for your interest in helping me with this issue. Here are the logs you asked for.
Thanks

Ken

SDFix: Version 1.131

Run by Ken on Sat 01/26/2008 at 09:00 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Ken\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:



Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

Folder C:\Temp\tn3 - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 09:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:24ff2151
"s2"=dword:4bf8f859
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b3,7f,a8,60,f8,83,af,c5,68,e0,6a,ab,e4,23,29,19,1c,2a,5a,37,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,49,0e,b1,01,d7,7d,e3,88,40,95,f9,c4,97,83,bb,46,..
"khjeh"=hex:eb,5d,2c,67,94,f2,8a,00,fa,3f,be,2c,80,09,b4,36,47,e2,30,9c,83,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f6,90,02,5c,36,b8,20,e3,f6,88,72,07,d1,8c,f8,02,58,de,9a,99,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:93,31,a6,27,03,e3,b1,5d,34,e0,44,a0,7e,ce,9d,8a,53,76,55,24,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b3,7f,a8,60,f8,83,af,c5,68,e0,6a,ab,e4,23,29,19,1c,2a,5a,37,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,49,0e,b1,01,d7,7d,e3,88,40,95,f9,c4,97,83,bb,46,..
"khjeh"=hex:eb,5d,2c,67,94,f2,8a,00,fa,3f,be,2c,80,09,b4,36,47,e2,30,9c,83,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f6,90,02,5c,36,b8,20,e3,f6,88,72,07,d1,8c,f8,02,58,de,9a,99,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:93,31,a6,27,03,e3,b1,5d,34,e0,44,a0,7e,ce,9d,8a,53,76,55,24,cd,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp .exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp .exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------
C:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - C:\DOCUME~1\Ken\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 2 Dec 2007 48 ..SH. --- "C:\WINDOWS\SAA2E47F7.tmp"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 13 Jun 2007 843,776 A.SHR --- "C:\WINDOWS\system32\slccma.exe"
Tue 18 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Wed 28 Feb 2007 1,977 ...HR --- "C:\Documents and Settings\Ken\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 29 Sep 2007 4,159 A.SH. --- "C:\Documents and Settings\Ken\Application Data\Roxio\Dragon\3.x\DiscInfoCache\PHILIPS_DVD+-RW_SDVD8820_AD18_000_DICV018_DRGV9010034.TMP"

Finished!





Here is the HJT file




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:18 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Photolightning\autodetect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\showme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.canoe.ca/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FFF29BE4-24AC-4E31-B99B-45238B764111} - C:\WINDOWS\SYSTEM32\xxyabyy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - http://eserv.sympati...adaPortalAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyabyy - C:\WINDOWS\
O20 - Winlogon Notify: zlwzqgad - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11332 bytes

Edited by ken65, 26 January 2008 - 12:27 PM.


#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5
ken65

    Member

  • Topic Starter
  • Member
  • 32 posts
Hi, here's the ComboFix log. Below will be the HJT log.
Thanks
Ken

ComboFix 08-01-23.1C - Ken 2008-01-26 15:12:13.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.536 [GMT -5:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ken\My Documents\pos4CB.tmp
C:\Documents and Settings\Ken\My Documents\pos4CC.tmp
C:\Documents and Settings\Ken\My Documents\pos4CD.tmp
C:\Documents and Settings\Ken\My Documents\pos4CE.tmp
C:\Documents and Settings\Ken\My Documents\pos4CF.tmp
C:\Documents and Settings\Ken\My Documents\pos4D0.tmp
C:\Documents and Settings\Ken\My Documents\pos4D1.tmp
C:\Documents and Settings\Ken\My Documents\pos4D2.tmp
C:\Documents and Settings\Ken\My Documents\pos4D3.tmp
C:\Documents and Settings\Ken\My Documents\pos4D4.tmp
C:\Documents and Settings\Ken\My Documents\pos4D5.tmp
C:\Documents and Settings\Ken\My Documents\pos4D6.tmp
C:\Documents and Settings\Ken\My Documents\pos4D7.tmp
C:\Documents and Settings\Ken\My Documents\pos4D8.tmp
C:\Documents and Settings\Ken\My Documents\pos4D9.tmp
C:\Documents and Settings\Ken\My Documents\pos4DA.tmp
C:\Documents and Settings\Ken\My Documents\pos4DB.tmp
C:\Documents and Settings\Ken\My Documents\pos4DC.tmp
C:\Documents and Settings\Ken\My Documents\pos4DD.tmp
C:\Documents and Settings\Ken\My Documents\pos4DE.tmp
C:\Documents and Settings\Ken\My Documents\pos4DF.tmp
C:\Documents and Settings\Ken\My Documents\pos4E0.tmp
C:\Documents and Settings\Ken\My Documents\pos4E1.tmp
C:\Documents and Settings\Ken\My Documents\pos4E2.tmp
C:\Documents and Settings\Ken\My Documents\pos4E3.tmp
C:\Documents and Settings\Ken\My Documents\pos4E4.tmp
C:\Documents and Settings\Ken\My Documents\pos4E5.tmp
C:\Documents and Settings\Ken\My Documents\pos4E6.tmp
C:\Documents and Settings\Ken\My Documents\pos4E7.tmp
C:\Documents and Settings\Ken\My Documents\pos4E8.tmp
C:\Documents and Settings\Ken\My Documents\pos4E9.tmp
C:\Documents and Settings\Ken\My Documents\pos4EA.tmp
C:\Documents and Settings\Ken\My Documents\pos4EB.tmp
C:\Documents and Settings\Ken\My Documents\pos4EC.tmp
C:\Documents and Settings\Ken\My Documents\pos4ED.tmp
C:\Documents and Settings\Ken\My Documents\pos4EE.tmp
C:\Documents and Settings\Ken\My Documents\pos4EF.tmp
C:\Documents and Settings\Ken\My Documents\pos4F0.tmp
C:\Documents and Settings\Ken\My Documents\pos4F1.tmp
C:\Documents and Settings\Ken\My Documents\pos4F2.tmp
C:\Documents and Settings\Ken\My Documents\pos4F3.tmp
C:\Documents and Settings\Ken\My Documents\pos4F4.tmp
C:\Documents and Settings\Ken\My Documents\pos4F5.tmp
C:\Documents and Settings\Ken\My Documents\pos4F6.tmp
C:\Documents and Settings\Ken\My Documents\pos4F7.tmp
C:\Documents and Settings\Ken\My Documents\pos4F8.tmp
C:\Documents and Settings\Ken\My Documents\pos4F9.tmp
C:\Documents and Settings\Ken\My Documents\pos4FA.tmp
C:\Documents and Settings\Ken\My Documents\pos4FB.tmp
C:\Documents and Settings\Ken\My Documents\pos4FC.tmp
C:\Documents and Settings\Ken\My Documents\pos4FD.tmp
C:\Documents and Settings\Ken\My Documents\pos4FE.tmp
C:\Documents and Settings\Ken\My Documents\pos4FF.tmp
C:\Documents and Settings\Ken\My Documents\pos500.tmp
C:\Documents and Settings\Ken\My Documents\pos501.tmp
C:\Documents and Settings\Ken\My Documents\pos502.tmp
C:\Documents and Settings\Ken\My Documents\pos503.tmp
C:\Documents and Settings\Ken\My Documents\pos504.tmp
C:\Documents and Settings\Ken\My Documents\pos505.tmp
C:\Documents and Settings\Ken\My Documents\pos506.tmp
C:\Documents and Settings\Ken\My Documents\pos507.tmp
C:\Documents and Settings\Ken\My Documents\pos508.tmp
C:\Documents and Settings\Ken\My Documents\pos509.tmp
C:\Documents and Settings\Ken\My Documents\pos50A.tmp
C:\Documents and Settings\Ken\My Documents\pos50B.tmp
C:\Documents and Settings\Ken\My Documents\pos50C.tmp
C:\Documents and Settings\Ken\My Documents\pos50D.tmp
C:\Documents and Settings\Ken\My Documents\pos50E.tmp
C:\Documents and Settings\Ken\My Documents\pos50F.tmp
C:\Documents and Settings\Ken\My Documents\pos510.tmp
C:\Documents and Settings\Ken\My Documents\pos511.tmp
C:\Documents and Settings\Ken\My Documents\pos512.tmp
C:\Documents and Settings\Ken\My Documents\pos513.tmp
C:\Documents and Settings\Ken\My Documents\pos514.tmp
C:\Documents and Settings\Ken\My Documents\pos515.tmp
C:\Documents and Settings\Ken\My Documents\pos516.tmp
C:\Documents and Settings\Ken\My Documents\pos517.tmp
C:\Documents and Settings\Ken\My Documents\pos518.tmp
C:\Documents and Settings\Ken\My Documents\pos519.tmp
C:\Documents and Settings\Ken\My Documents\pos51A.tmp
C:\Documents and Settings\Ken\My Documents\pos51B.tmp
C:\Documents and Settings\Ken\My Documents\pos51C.tmp
C:\Documents and Settings\Ken\My Documents\pos51D.tmp
C:\Documents and Settings\Ken\My Documents\pos51E.tmp
C:\Documents and Settings\Ken\My Documents\pos51F.tmp
C:\Documents and Settings\Ken\My Documents\pos520.tmp
C:\Documents and Settings\Ken\My Documents\pos521.tmp
C:\Documents and Settings\Ken\My Documents\pos522.tmp
C:\Documents and Settings\Ken\My Documents\pos523.tmp
C:\Documents and Settings\Ken\My Documents\pos524.tmp
C:\Documents and Settings\Ken\My Documents\pos525.tmp
C:\Documents and Settings\Ken\My Documents\pos526.tmp
C:\Documents and Settings\Ken\My Documents\pos527.tmp
C:\Documents and Settings\Ken\My Documents\pos528.tmp
C:\Documents and Settings\Ken\My Documents\pos529.tmp
C:\Documents and Settings\Ken\My Documents\pos52A.tmp
C:\Documents and Settings\Ken\My Documents\pos52B.tmp
C:\Documents and Settings\Ken\My Documents\pos52C.tmp
C:\Documents and Settings\Ken\My Documents\pos52D.tmp
C:\Documents and Settings\Ken\My Documents\pos52E.tmp
C:\Documents and Settings\Ken\My Documents\pos52F.tmp
C:\Documents and Settings\Ken\My Documents\pos530.tmp
C:\Documents and Settings\Ken\My Documents\pos531.tmp
C:\Documents and Settings\Ken\My Documents\pos532.tmp
C:\Documents and Settings\Ken\My Documents\pos533.tmp
C:\Documents and Settings\Ken\My Documents\pos534.tmp
C:\Documents and Settings\Ken\My Documents\pos535.tmp
C:\Documents and Settings\Ken\My Documents\pos536.tmp
C:\Documents and Settings\Ken\My Documents\pos537.tmp
C:\Documents and Settings\Ken\My Documents\pos538.tmp
C:\Documents and Settings\Ken\My Documents\pos539.tmp
C:\Documents and Settings\Ken\My Documents\pos53A.tmp
C:\Documents and Settings\Ken\My Documents\pos53B.tmp
C:\Documents and Settings\Ken\My Documents\pos53C.tmp
C:\Documents and Settings\Ken\My Documents\pos53D.tmp
C:\Documents and Settings\Ken\My Documents\pos53E.tmp
C:\Documents and Settings\Ken\My Documents\pos53F.tmp
C:\Documents and Settings\Ken\My Documents\pos540.tmp
C:\Documents and Settings\Ken\My Documents\pos541.tmp
C:\Documents and Settings\Ken\My Documents\pos542.tmp
C:\Documents and Settings\Ken\My Documents\pos543.tmp
C:\Documents and Settings\Ken\My Documents\pos544.tmp
C:\Documents and Settings\Ken\My Documents\pos545.tmp
C:\Documents and Settings\Ken\My Documents\pos546.tmp
C:\Documents and Settings\Ken\My Documents\pos547.tmp
C:\Documents and Settings\Ken\My Documents\pos548.tmp
C:\Documents and Settings\Ken\My Documents\pos549.tmp
C:\Documents and Settings\Ken\My Documents\pos54A.tmp
C:\Documents and Settings\Ken\My Documents\pos54B.tmp
C:\Documents and Settings\Ken\My Documents\pos54C.tmp
C:\Documents and Settings\Ken\My Documents\pos54D.tmp
C:\Documents and Settings\Ken\My Documents\pos54E.tmp
C:\Documents and Settings\Ken\My Documents\pos54F.tmp
C:\Documents and Settings\Ken\My Documents\pos550.tmp
C:\Documents and Settings\Ken\My Documents\pos551.tmp
C:\Documents and Settings\Ken\My Documents\pos552.tmp
C:\Documents and Settings\Ken\My Documents\pos553.tmp
C:\Documents and Settings\Ken\My Documents\pos554.tmp
C:\Documents and Settings\Ken\My Documents\pos555.tmp
C:\Documents and Settings\Ken\My Documents\pos556.tmp
C:\Documents and Settings\Ken\My Documents\pos557.tmp
C:\Documents and Settings\Ken\My Documents\pos558.tmp
C:\Documents and Settings\Ken\My Documents\pos559.tmp
C:\Documents and Settings\Ken\My Documents\pos55A.tmp
C:\Documents and Settings\Ken\My Documents\pos55B.tmp
C:\Documents and Settings\Ken\My Documents\pos55C.tmp
C:\Documents and Settings\Ken\My Documents\pos55D.tmp
C:\Documents and Settings\Ken\My Documents\pos55E.tmp
C:\Documents and Settings\Ken\My Documents\pos55F.tmp
C:\Documents and Settings\Ken\My Documents\pos560.tmp
C:\Documents and Settings\Ken\My Documents\pos561.tmp
C:\Documents and Settings\Ken\My Documents\pos562.tmp
C:\Documents and Settings\Ken\My Documents\pos563.tmp
C:\Documents and Settings\Ken\My Documents\pos564.tmp
C:\Documents and Settings\Ken\My Documents\pos565.tmp
C:\Documents and Settings\Ken\My Documents\pos566.tmp
C:\Documents and Settings\Ken\My Documents\pos567.tmp
C:\Documents and Settings\Ken\My Documents\pos568.tmp
C:\Documents and Settings\Ken\My Documents\pos569.tmp
C:\Documents and Settings\Ken\My Documents\pos56A.tmp
C:\Documents and Settings\Ken\My Documents\pos56B.tmp
C:\Documents and Settings\Ken\My Documents\pos56C.tmp
C:\Documents and Settings\Ken\My Documents\pos56D.tmp
C:\Documents and Settings\Ken\My Documents\pos56E.tmp
C:\Documents and Settings\Ken\My Documents\pos56F.tmp
C:\Documents and Settings\Ken\My Documents\pos570.tmp
C:\Documents and Settings\Ken\My Documents\pos571.tmp
C:\Documents and Settings\Ken\My Documents\pos572.tmp
C:\Documents and Settings\Ken\My Documents\pos573.tmp
C:\Documents and Settings\Ken\My Documents\pos574.tmp
C:\Documents and Settings\Ken\My Documents\pos575.tmp
C:\Documents and Settings\Ken\My Documents\pos576

Edited by ken65, 26 January 2008 - 02:38 PM.

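Editor's added example, not part of ken65's or kahdah's posts and not code from ComboFix or HijackThis: the ComboFix output in this thread shows several patterns a helper would look for by eye (a run of hundreds of sequentially numbered pos*.tmp files in My Documents, executables whose name carries a space before the extension such as cmd .exe and avp .exe, a path of the form system32:svchost.exe, which is an NTFS alternate data stream on the system32 directory, and a service started from a Temp folder). The script below pulls Windows paths out of free-form log lines and flags those four patterns. The sample log lines are constructed here, modelled on the thread's logs; the flood threshold, regexes and function names are this example's own choices.

```python
"""Triage helper for ComboFix / HijackThis style logs.

Added example for this thread, not part of ComboFix, HijackThis or any post
above. It pulls Windows paths out of free-form log lines and flags four
patterns the logs in this thread show:
  1. a flood of sequentially numbered .tmp files in one directory
  2. an executable whose name has a space before its extension ("cmd .exe")
  3. an NTFS alternate data stream path ("C:\\WINDOWS\\system32:svchost.exe")
  4. an executable launched from a Temp directory
Thresholds and names are this example's own choices.
"""
import re
from collections import defaultdict

# Constructed sample lines modelled on the thread's logs (not copied from them).
SAMPLE_LOG = r"""
C:\Documents and Settings\Ken\My Documents\pos4F0.tmp
C:\Documents and Settings\Ken\My Documents\pos4F1.tmp
C:\Documents and Settings\Ken\My Documents\pos4F2.tmp
C:\Documents and Settings\Ken\My Documents\pos4F3.tmp
C:\Documents and Settings\Ken\My Documents\pos4F4.tmp
C:\Documents and Settings\Ken\My Documents\pos4F5.tmp
C:\Documents and Settings\Ken\My Documents\report.doc
2008-01-17 18:21 . 2008-01-17 18:27 388,608 --a------ C:\WINDOWS\system32\cmd .exe
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-17 13:15 . 2007-07-12 07:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42 227856]
C:\WINDOWS\system32:svchost.exe
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe []
"""

# A Windows path runs from a drive letter until a quote, '[', ';' or end of
# line. Spaces must be allowed inside because "Program Files" and "cmd .exe"
# both contain them; the lookahead swallows the separator that ends the path.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\];\r\n]*?)(?=\s*(?:"|\[|;|$))', re.M)
EXT_RE = re.compile(r'\.(exe|dll|sys|scr|com|cpl|ocx)$', re.I)
SPACE_BEFORE_EXT_RE = re.compile(r'\s\.[A-Za-z0-9]{1,4}$')
SEQ_TMP_RE = re.compile(r'^([A-Za-z_]+)([0-9A-Fa-f]{2,})\.tmp$', re.I)
TEMP_DIR_RE = re.compile(r'\\(temp|tmp)\\', re.I)

FLOOD_THRESHOLD = 5  # example's own choice; the real log had hundreds


def extract_paths(text):
    """Return every Windows path found in the log text, in order."""
    return [m.group(1) for m in PATH_RE.finditer(text)]


def basename(path):
    return path.rsplit('\\', 1)[-1]


def has_space_before_extension(path):
    """'avp .exe' and 'cmd .exe' style names that masquerade as known binaries."""
    return SPACE_BEFORE_EXT_RE.search(basename(path)) is not None


def is_alternate_data_stream(path):
    """The only legitimate colon in a path is the one after the drive letter."""
    return ':' in path[2:]


def runs_from_temp(path):
    """An executable, driver or DLL living under a Temp directory."""
    return TEMP_DIR_RE.search(path) is not None and EXT_RE.search(path) is not None


def find_tmp_floods(paths):
    """Group <prefix><hexcounter>.tmp files per directory and report contiguous runs."""
    groups = defaultdict(list)
    for p in paths:
        directory, _, name = p.rpartition('\\')
        m = SEQ_TMP_RE.match(name)
        if m:
            groups[(directory, m.group(1).lower())].append(int(m.group(2), 16))
    floods = []
    for (directory, prefix), counters in groups.items():
        counters.sort()
        # Contiguous run: the counter range is exactly as wide as the count.
        if len(counters) >= FLOOD_THRESHOLD and counters[-1] - counters[0] + 1 == len(counters):
            floods.append((directory, prefix, len(counters), counters[0], counters[-1]))
    return floods


def triage(text):
    """Run all four checks over a log and return the hits per category."""
    paths = extract_paths(text)
    return {
        'space_before_ext': [p for p in paths if has_space_before_extension(p)],
        'ads': [p for p in paths if is_alternate_data_stream(p)],
        'temp_exec': [p for p in paths if runs_from_temp(p)],
        'tmp_flood': find_tmp_floods(paths),
    }


if __name__ == '__main__':
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print('   ', hit)
```

Run it against a saved log with `triage(open('ComboFix.txt').read())`. The flood check deliberately requires the hex counters to be contiguous, so a handful of unrelated temp files in one folder do not trigger it, while the kind of run shown in the cut-off log above does.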

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
I will need you to repost that ComboFix log, as it was cut off.

If it is easier, you can send it to me via e-mail: kahdah at aol.com (replace the "at" with @). Thank you.

#7 ken65 (Topic Starter, Member, 32 posts)
OK, here it is again.


ComboFix 08-01-23.1C - Ken 2008-01-26 15:54:14.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT -5:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix(2).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 15:57 . 2008-01-26 15:57 <DIR> d-------- C:\Temp\tn3
2008-01-26 09:07 . 2008-01-26 15:08 4,096 --a------ C:\WINDOWS\system32\drivers\BA199D1B-3EE2-4387-829E-936C67210EB1.cxv
2008-01-26 09:06 . 2008-01-26 15:56 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-26 08:57 . 2008-01-26 08:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-23 03:42 . 2008-01-23 03:42 1,024 --a------ C:\WINDOWS\system32\drivers\348FC9BA-9808-4635-A705-39FD51578C04.cxv
2008-01-23 03:35 . 2008-01-23 03:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-22 22:42 . 2008-01-22 22:42 9,216 --a------ C:\WINDOWS\system32\drivers\C64B3A2F-B4C6-4F68-96D3-0746C39ED9EB.cxv
2008-01-22 22:37 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-17 18:21 . 2008-01-17 18:27 388,608 --a------ C:\WINDOWS\system32\cmd .exe
2008-01-17 13:18 . 2008-01-17 13:18 <DIR> d-------- C:\Program Files\Panda Security
2008-01-17 13:15 . 2008-01-17 13:15 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-17 13:15 . 2007-07-12 07:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-17 13:15 . 2007-05-23 09:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-17 11:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 11:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 11:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 11:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 09:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 09:14 . 2008-01-17 09:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 07:57 . 2008-01-17 07:57 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 07:57 . 2008-01-17 07:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 07:54 . 2008-01-26 15:57 4,347,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 07:54 . 2008-01-26 15:57 74,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 07:54 . 2008-01-26 15:56 59,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 07:54 . 2008-01-26 15:56 8,012 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-17 07:11 . 2008-01-17 07:11 86,144 --a------ C:\WINDOWS\system32\drivers\tdii.sys
2008-01-13 17:39 . 2008-01-16 18:09 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\kav
2007-12-31 08:49 . 2007-12-31 08:49 <DIR> d-------- C:\Program Files\PIXresizer
2007-12-31 08:49 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2007-12-31 08:49 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2007-12-31 08:49 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2007-12-31 08:49 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-12-31 08:49 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 21:55 --------- d-----w C:\Program Files\QuickTime
2008-01-17 21:54 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-17 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 20:53 --------- d-----w C:\Program Files\DivX
2007-12-23 06:34 --------- d-----w C:\Program Files\Azureus
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 03:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 17:39 --------- d-----w C:\Program Files\DVD Flick
2007-12-16 15:30 --------- d-----w C:\Program Files\InterActual
2007-12-16 15:21 --------- d-----w C:\Program Files\Roxio
2007-12-16 15:20 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-16 15:13 --------- d-----w C:\Program Files\SmartSound Software
2007-12-15 14:28 --------- d-----w C:\Program Files\Sony
2007-12-15 14:16 --------- d-----w C:\Program Files\eMailTrackerPro
2007-12-15 14:15 --------- d-----w C:\Program Files\Visualware Security Suite
2007-12-15 14:15 --------- d-----w C:\Program Files\Batch Watermark Creator
2007-12-15 14:13 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-15 14:02 --------- d-----w C:\Program Files\Visual IP Trace 2007
2007-12-15 14:01 --------- d-----r C:\Program Files\TypingMaster
2007-12-15 13:50 --------- d-----w C:\Program Files\AudioStreamer
2007-12-15 13:49 --------- d-----w C:\Program Files\Amazon
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-09 19:25 --------- d-----w C:\Program Files\dvdSanta
2007-12-08 06:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 06:59 --------- d-----w C:\Program Files\VSO
2007-12-03 18:52 --------- d-----w C:\Program Files\Super DVD Creator 8.0
2007-12-02 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-02 19:47 --------- d-----w C:\Program Files\SlySoft
2007-12-02 19:47 --------- d-----w C:\Program Files\Blaze Media Pro
2007-11-29 07:07 --------- d-----w C:\Program Files\McAfee
2007-11-28 01:33 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-22 21:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-13 10:23 843,776 --sha-r C:\WINDOWS\system32\slccma.exe
.
<pre>
----a-w		   483,328 2008-01-17 23:43:13  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w			86,960 2008-01-17 13:04:37  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   240,112 2008-01-17 13:02:46  C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10 .exe
----a-w		   219,136 2008-01-17 12:28:07  C:\Program Files\Grisoft\AVG7\avgw .exe
----a-w		   227,856 2008-01-17 23:42:48  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe
----a-w		   113,136 2008-01-17 13:02:47  C:\Program Files\Roxio\CinePlayer\DMXLauncher .exe
----a-w		 1,649,600 2008-01-17 13:04:14  C:\Program Files\SlySoft\AnyDVD\AnyDVD .exe
----a-w		   388,608 2008-01-17 23:27:26  C:\WINDOWS\system32\cmd .exe
----a-w			15,360 2008-01-17 13:30:41  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 03:38 7118848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42 227856]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-07 01:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyabyy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlwzqgad]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
DNSQueryTimeouts REG_MULTI_SZ 1 2 2 4 8 0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auction Auto Bidder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 08:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-15 03:38 7118848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-15 03:38 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P3000x_S2P]
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-15 04:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 4]
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 09:40]
R1 tdii;tdii;C:\WINDOWS\system32\drivers\tdii.sys [2008-01-17 07:11]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 07:49]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 14:00:00 C:\WINDOWS\Tasks\Vista_Ultimate_International_x86_by_PiterPen.job"
- C:\Documents and Settings\Ken\My Documents\Azureus Downloads\Vista_Ultimate_International_x86_by_PiterPen.iso
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:57:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 16:02:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 21:02:25
ComboFix2.txt 2008-01-26 20:27:45
ComboFix3.txt 2008-01-18 01:56:29
.
2008-01-23 09:03:48 --- E O F ---

And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:11 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Photolightning\autodetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\showme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.canoe.ca/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - http://eserv.sympati...adaPortalAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyabyy - C:\WINDOWS\
O20 - Winlogon Notify: zlwzqgad - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10495 bytes
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0

#9
ken65

ken65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\BA199D1B-3EE2-4387-829E-936C67210EB1.cxv
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\348FC9BA-9808-4635-A705-39FD51578C04.cxv
C:\WINDOWS\system32\drivers\C64B3A2F-B4C6-4F68-96D3-0746C39ED9EB.cxv
C:\WINDOWS\system32\drivers\tdii.sys 

Folder::
C:\Temp\tn3

RenV::
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Grisoft\AVG7\avgw .exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher .exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD .exe
C:\WINDOWS\system32\cmd .exe
C:\WINDOWS\system32\ctfmon .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyabyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlwzqgad]

Driver::
tdii


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
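A small triage script for log lines like the ones in this thread, as an added example: it is not part of the thread and not code from HijackThis or ComboFix. It flags the three patterns kahdah's CFScript targets: executables renamed with a space before ".exe", Winlogon Notify entries that point at a bare directory instead of a DLL, and services whose binary is reported missing. The sample lines are constructed from entries in the logs above; the benign WBSrv Notify line is an assumed negative case.

```python
"""Triage for HijackThis-style log lines.

Added example; it is not part of this thread and not code from HijackThis
or ComboFix.  It flags the three patterns that kahdah's CFScript targets:

  1. an executable whose name carries one or more spaces before ".exe"
     (the renamed-binary trick behind "avp .exe" and "ctfmon .exe");
  2. an O20 Winlogon Notify entry whose target is a bare directory or
     anything other than a DLL (winwim32, xxyabyy, zlwzqgad all point at
     C:\\WINDOWS\\ with random-looking names);
  3. an O23 service whose binary HijackThis reports as "(file missing)".
"""
import re

# Constructed sample: lines modelled on the log above, plus one assumed
# benign O20 entry (WBSrv) so the Notify rule has a negative case.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp .exe"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O20 - Winlogon Notify: winwim32 - C:\\WINDOWS\\
O20 - Winlogon Notify: WBSrv - C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\wbsrv.dll
O23 - Service: SessionLauncher - Unknown owner - C:\\DOCUME~1\\Ken\\LOCALS~1\\Temp\\DX9\\SessionLauncher.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\\Program Files\\Dell\\NICCONFIGSVC\\NICCONFIGSVC.exe
"""

# "name .exe" or "name  .exe": a non-space character, then spaces, then .exe
SPACED_EXE = re.compile(r"\S +\.exe\b", re.IGNORECASE)
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O23_MISSING = re.compile(r"^O23 - Service: (.+?) - .*\(file missing\)$")


def triage_line(line):
    """Return a list of (rule, detail) findings for one log line."""
    findings = []
    line = line.rstrip()
    if SPACED_EXE.search(line):
        findings.append(("spaced-exe", line))
    m = O20_NOTIFY.match(line)
    if m:
        name, target = m.groups()
        # A legitimate Notify package names a DLL; a bare directory means the
        # real module name is being hidden from the log.
        if not target.lower().endswith(".dll"):
            findings.append(("winlogon-notify-not-dll", name))
    m = O23_MISSING.match(line)
    if m:
        findings.append(("service-file-missing", m.group(1)))
    return findings


def triage(log_text):
    """Map each rule name to the details of every line that triggered it."""
    report = {}
    for line in log_text.splitlines():
        for rule, detail in triage_line(line):
            report.setdefault(rule, []).append(detail)
    return report


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

Run it against a saved HijackThis log by reading the file into `triage()`; a "(file missing)" service or a Notify entry without a DLL is not proof of infection on its own, but both are exactly the kind of entry a helper asks about first.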

#11
ken65

ken65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
ComboFix 08-01-23.1C - Ken 2008-01-27 2:20:09.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.578 [GMT -5:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\348FC9BA-9808-4635-A705-39FD51578C04.cxv
C:\WINDOWS\system32\drivers\BA199D1B-3EE2-4387-829E-936C67210EB1.cxv
C:\WINDOWS\system32\drivers\C64B3A2F-B4C6-4F68-96D3-0746C39ED9EB.cxv
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\tdii.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\348FC9BA-9808-4635-A705-39FD51578C04.cxv
C:\WINDOWS\system32\drivers\BA199D1B-3EE2-4387-829E-936C67210EB1.cxv
C:\WINDOWS\system32\drivers\C64B3A2F-B4C6-4F68-96D3-0746C39ED9EB.cxv
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\tdii.sys

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 01:29 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-27 01:29 . 2007-11-24 13:09 211 --a------ C:\Boot.bak
2008-01-26 08:57 . 2008-01-26 08:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-23 03:35 . 2008-01-23 03:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-22 22:37 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-17 13:18 . 2008-01-17 13:18 <DIR> d-------- C:\Program Files\Panda Security
2008-01-17 13:15 . 2008-01-17 13:15 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-17 13:15 . 2007-07-12 07:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-17 13:15 . 2007-05-23 09:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-17 11:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 11:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 11:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 11:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 09:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 09:14 . 2008-01-17 09:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 07:57 . 2008-01-17 07:57 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 07:57 . 2008-01-17 07:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 07:54 . 2008-01-27 02:24 4,456,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 07:54 . 2008-01-27 02:24 79,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 07:54 . 2008-01-27 02:23 60,716 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 07:54 . 2008-01-27 02:23 8,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-13 17:39 . 2008-01-16 18:09 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\kav
2007-12-31 08:49 . 2007-12-31 08:49 <DIR> d-------- C:\Program Files\PIXresizer
2007-12-31 08:49 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2007-12-31 08:49 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2007-12-31 08:49 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2007-12-31 08:49 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-12-31 08:49 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 21:55 --------- d-----w C:\Program Files\QuickTime
2008-01-17 21:54 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-17 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 20:53 --------- d-----w C:\Program Files\DivX
2007-12-23 06:34 --------- d-----w C:\Program Files\Azureus
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 03:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 17:39 --------- d-----w C:\Program Files\DVD Flick
2007-12-16 15:30 --------- d-----w C:\Program Files\InterActual
2007-12-16 15:21 --------- d-----w C:\Program Files\Roxio
2007-12-16 15:20 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-16 15:13 --------- d-----w C:\Program Files\SmartSound Software
2007-12-15 14:28 --------- d-----w C:\Program Files\Sony
2007-12-15 14:16 --------- d-----w C:\Program Files\eMailTrackerPro
2007-12-15 14:15 --------- d-----w C:\Program Files\Visualware Security Suite
2007-12-15 14:15 --------- d-----w C:\Program Files\Batch Watermark Creator
2007-12-15 14:13 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-15 14:02 --------- d-----w C:\Program Files\Visual IP Trace 2007
2007-12-15 14:01 --------- d-----r C:\Program Files\TypingMaster
2007-12-15 13:50 --------- d-----w C:\Program Files\AudioStreamer
2007-12-15 13:49 --------- d-----w C:\Program Files\Amazon
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-09 19:25 --------- d-----w C:\Program Files\dvdSanta
2007-12-08 06:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 06:59 --------- d-----w C:\Program Files\VSO
2007-12-03 18:52 --------- d-----w C:\Program Files\Super DVD Creator 8.0
2007-12-02 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-02 19:47 --------- d-----w C:\Program Files\SlySoft
2007-12-02 19:47 --------- d-----w C:\Program Files\Blaze Media Pro
2007-11-29 07:07 --------- d-----w C:\Program Files\McAfee
2007-11-28 01:33 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-22 21:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-13 10:23 843,776 --sha-r C:\WINDOWS\system32\slccma.exe
.
----a-w		   240,112 2008-01-17 13:02:46  C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10 .exe
----a-w		   227,856 2008-01-17 23:42:48  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe


((((((((((((((((((((((((((((( snapshot_2008-01-26_15.26.32.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 20:11:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 07:19:55 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 20:11:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 07:19:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 20:11:48 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 07:19:55 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 20:11:48 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 07:19:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 20:11:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 07:19:56 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-26 20:11:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 07:19:56 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 03:38 7118848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42 227856]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-01-17 18:43 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-07 01:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
DNSQueryTimeouts REG_MULTI_SZ 1 2 2 4 8 0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-17 08:04 1649600 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auction Auto Bidder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-17 08:30 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 08:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2008-01-17 08:04 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-15 03:38 7118848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-15 03:38 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P3000x_S2P]
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-15 04:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 4]
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 09:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 07:49]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S1 tdii;tdii;C:\WINDOWS\system32\drivers\tdii.sys []
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 14:00:00 C:\WINDOWS\Tasks\Vista_Ultimate_International_x86_by_PiterPen.job"
- C:\Documents and Settings\Ken\My Documents\Azureus Downloads\Vista_Ultimate_International_x86_by_PiterPen.iso
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 02:24:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 2:29:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 07:29:16
ComboFix2.txt 2008-01-26 21:02:29
ComboFix3.txt 2008-01-26 20:27:45
ComboFix4.txt 2008-01-18 01:56:29
.
2008-01-23 09:03:48 --- E O F ---

hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:54 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Photolightning\autodetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\showme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.canoe.ca/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - http://eserv.sympati...adaPortalAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10372 bytes

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\tdii.sys 

RenV::
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10 .exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe

Driver::
"tdii"


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/logs into your next reply:
  • Combofix.txt
========================================================================================
After doing the above Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with the Combofix log.

#13
ken65

    Member

  • Topic Starter
  • Member
  • 32 posts
ComboFix 08-01-23.1C - Ken 2008-01-27 9:55:51.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.593 [GMT -5:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\tdii.sys
.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 01:29 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-27 01:29 . 2007-11-24 13:09 211 --a------ C:\Boot.bak
2008-01-26 08:57 . 2008-01-26 08:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-23 03:35 . 2008-01-23 03:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-22 22:37 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-17 13:18 . 2008-01-17 13:18 <DIR> d-------- C:\Program Files\Panda Security
2008-01-17 13:15 . 2008-01-17 13:15 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-17 13:15 . 2007-07-12 07:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-17 13:15 . 2007-05-23 09:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-17 11:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 11:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 11:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 11:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 09:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 09:14 . 2008-01-17 09:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 07:57 . 2008-01-17 07:57 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 07:57 . 2008-01-17 07:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 07:54 . 2008-01-27 09:59 4,517,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 07:54 . 2008-01-27 09:59 81,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 07:54 . 2008-01-27 09:58 61,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 07:54 . 2008-01-27 09:58 8,708 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-13 17:39 . 2008-01-16 18:09 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\kav
2007-12-31 08:49 . 2007-12-31 08:49 <DIR> d-------- C:\Program Files\PIXresizer
2007-12-31 08:49 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2007-12-31 08:49 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2007-12-31 08:49 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2007-12-31 08:49 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-12-31 08:49 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 21:55 --------- d-----w C:\Program Files\QuickTime
2008-01-17 21:54 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-17 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 20:53 --------- d-----w C:\Program Files\DivX
2007-12-23 06:34 --------- d-----w C:\Program Files\Azureus
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 03:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 17:39 --------- d-----w C:\Program Files\DVD Flick
2007-12-16 15:30 --------- d-----w C:\Program Files\InterActual
2007-12-16 15:21 --------- d-----w C:\Program Files\Roxio
2007-12-16 15:20 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-16 15:13 --------- d-----w C:\Program Files\SmartSound Software
2007-12-15 14:28 --------- d-----w C:\Program Files\Sony
2007-12-15 14:16 --------- d-----w C:\Program Files\eMailTrackerPro
2007-12-15 14:15 --------- d-----w C:\Program Files\Visualware Security Suite
2007-12-15 14:15 --------- d-----w C:\Program Files\Batch Watermark Creator
2007-12-15 14:13 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-15 14:02 --------- d-----w C:\Program Files\Visual IP Trace 2007
2007-12-15 14:01 --------- d-----r C:\Program Files\TypingMaster
2007-12-15 13:50 --------- d-----w C:\Program Files\AudioStreamer
2007-12-15 13:49 --------- d-----w C:\Program Files\Amazon
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-09 19:25 --------- d-----w C:\Program Files\dvdSanta
2007-12-08 06:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 06:59 --------- d-----w C:\Program Files\VSO
2007-12-03 18:52 --------- d-----w C:\Program Files\Super DVD Creator 8.0
2007-12-02 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-02 19:47 --------- d-----w C:\Program Files\SlySoft
2007-12-02 19:47 --------- d-----w C:\Program Files\Blaze Media Pro
2007-11-29 07:07 --------- d-----w C:\Program Files\McAfee
2007-11-28 01:33 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-22 21:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-13 10:23 843,776 --sha-r C:\WINDOWS\system32\slccma.exe
.
----a-w 227,856 2008-01-17 23:42:48 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe


((((((((((((((((((((((((((((( snapshot_2008-01-26_15.26.32.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 20:11:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 14:55:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 20:11:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 14:55:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 20:11:48 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 14:55:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 20:11:48 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 14:55:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 20:11:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 14:55:43 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-26 20:11:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 14:55:43 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-17 08:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 03:38 7118848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42 227856]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-01-17 18:43 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-07 01:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
DNSQueryTimeouts REG_MULTI_SZ 1 2 2 4 8 0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-17 08:04 1649600 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auction Auto Bidder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-17 08:30 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 08:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2008-01-17 08:04 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-15 03:38 7118848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-15 03:38 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P3000x_S2P]
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-15 04:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 4]
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 09:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 07:49]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 14:00:00 C:\WINDOWS\Tasks\Vista_Ultimate_International_x86_by_PiterPen.job"
- C:\Documents and Settings\Ken\My Documents\Azureus Downloads\Vista_Ultimate_International_x86_by_PiterPen.iso
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 09:59:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 10:03:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 15:03:37
ComboFix2.txt 2008-01-27 07:29:19
ComboFix3.txt 2008-01-26 21:02:29
ComboFix4.txt 2008-01-26 20:27:45
ComboFix5.txt 2008-01-18 01:56:29
.
2008-01-23 09:03:48 --- E O F ---

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok please go ahead with the Kaspersky scan and post those results.
Thank you. :)

#15
ken65

    Member

  • Topic Starter
  • Member
  • 32 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 1:20:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534108
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96082
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:40:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Ken\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\catchme2008-01-17_165526.65.zip/geeba.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\catchme2008-01-17_165526.65.zip/qttask.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2008-01-17_165526.65.zip/ctfmon.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2008-01-17_165526.65.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\catchme2008-01-17_205132.90.zip/geeba.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\catchme2008-01-17_205132.90.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP813\A0183128.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP819\A0193232.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP819\A0193233.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP823\A0194335.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP825\A0196486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0199940.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0199940.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0199940.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP840\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\dxdgns.dll Infected: Backdoor.Win32.Beastdoor.ab skipped
C:\WINDOWS\SAA2E47F7.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

ComboFix 08-01-23.1C - Ken 2008-01-27 13:21:27.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.552 [GMT -5:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 10:06 . 2008-01-27 10:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-27 10:06 . 2008-01-27 10:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-27 01:29 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-27 01:29 . 2007-11-24 13:09 211 --a------ C:\Boot.bak
2008-01-26 08:57 . 2008-01-26 08:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-23 03:35 . 2008-01-23 03:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-22 22:37 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-17 13:18 . 2008-01-17 13:18 <DIR> d-------- C:\Program Files\Panda Security
2008-01-17 13:15 . 2008-01-17 13:15 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-17 13:15 . 2007-07-12 07:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-17 13:15 . 2007-05-23 09:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-17 11:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 11:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 11:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 11:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 09:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 09:14 . 2008-01-17 09:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 07:57 . 2008-01-17 07:57 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 07:57 . 2008-01-17 07:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 07:54 . 2008-01-27 13:25 4,564,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 07:54 . 2008-01-27 13:25 85,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 07:54 . 2008-01-27 09:58 61,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 07:54 . 2008-01-27 09:58 8,708 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-17 07:36 . 2008-01-17 08:30 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-13 17:39 . 2008-01-16 18:09 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 19:56 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-12 08:52 . 2008-01-12 08:52 <DIR> d-------- C:\kav
2007-12-31 08:49 . 2007-12-31 08:49 <DIR> d-------- C:\Program Files\PIXresizer
2007-12-31 08:49 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2007-12-31 08:49 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2007-12-31 08:49 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2007-12-31 08:49 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-12-31 08:49 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 21:55 --------- d-----w C:\Program Files\QuickTime
2008-01-17 21:54 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-17 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 20:53 --------- d-----w C:\Program Files\DivX
2007-12-23 06:34 --------- d-----w C:\Program Files\Azureus
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 03:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 17:39 --------- d-----w C:\Program Files\DVD Flick
2007-12-16 15:30 --------- d-----w C:\Program Files\InterActual
2007-12-16 15:21 --------- d-----w C:\Program Files\Roxio
2007-12-16 15:20 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-16 15:13 --------- d-----w C:\Program Files\SmartSound Software
2007-12-15 14:28 --------- d-----w C:\Program Files\Sony
2007-12-15 14:16 --------- d-----w C:\Program Files\eMailTrackerPro
2007-12-15 14:15 --------- d-----w C:\Program Files\Visualware Security Suite
2007-12-15 14:15 --------- d-----w C:\Program Files\Batch Watermark Creator
2007-12-15 14:13 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-15 14:02 --------- d-----w C:\Program Files\Visual IP Trace 2007
2007-12-15 14:01 --------- d-----r C:\Program Files\TypingMaster
2007-12-15 13:50 --------- d-----w C:\Program Files\AudioStreamer
2007-12-15 13:49 --------- d-----w C:\Program Files\Amazon
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 19:25 --------- d-----w C:\Program Files\dvdSanta
2007-12-08 06:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 06:59 --------- d-----w C:\Program Files\VSO
2007-12-03 18:52 --------- d-----w C:\Program Files\Super DVD Creator 8.0
2007-12-02 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-02 19:47 --------- d-----w C:\Program Files\SlySoft
2007-12-02 19:47 --------- d-----w C:\Program Files\Blaze Media Pro
2007-11-29 07:07 --------- d-----w C:\Program Files\McAfee
2007-11-28 01:33 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-22 21:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-13 10:23 843,776 --sha-r C:\WINDOWS\system32\slccma.exe
.
----a-w		   227,856 2008-01-17 23:42:48  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp  .exe


((((((((((((((((((((((((((((( snapshot_2008-01-26_15.26.32.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 20:11:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 14:55:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 20:11:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 14:55:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 20:11:48 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 14:55:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 20:11:48 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 14:55:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 20:11:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 14:55:43 11,091,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-26 20:11:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 14:55:43 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-17 08:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 03:38 7118848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42 227856]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-01-17 18:43 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-07 01:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
DNSQueryTimeouts REG_MULTI_SZ 1 2 2 4 8 0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-17 08:04 1649600 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auction Auto Bidder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-17 08:30 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 08:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2008-01-17 08:04 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-15 03:38 7118848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-15 03:38 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P3000x_S2P]
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-15 04:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 4]
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 09:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 07:49]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-17 18:42]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Ken\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 14:00:00 C:\WINDOWS\Tasks\Vista_Ultimate_International_x86_by_PiterPen.job"
- C:\Documents and Settings\Ken\My Documents\Azureus Downloads\Vista_Ultimate_International_x86_by_PiterPen.iso
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 13:25:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 13:27:31
ComboFix-quarantined-files.txt 2008-01-27 18:27:29
ComboFix2.txt 2008-01-27 15:03:40
ComboFix3.txt 2008-01-27 07:29:19
ComboFix4.txt 2008-01-26 21:02:29
ComboFix5.txt 2008-01-26 20:27:45
.
2008-01-23 09:03:48 --- E O F ---
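Added example, not part of ken65's post and not ComboFix code: a small Python triage script run over the autostart and service lines from the log above. The sample lines are copied from the "Reg Loading Points" section; the heuristics are the editor's own and only mark entries for manual review, they do not decide that anything is malicious. They target the indicators that are visible in this log: an executable path with a space before the extension (`avp .exe`, `qttask .exe`), entries for which ComboFix recorded no date or size (the empty `[ ]`), an executable launched from a Temp directory (`SessionLauncher.exe`), an NTFS alternate data stream registered as an Active Setup component (`C:\WINDOWS\system32:svchost.exe`), and a service name padded with whitespace (`avp `).

```python
import re

# Constructed sample input: entries copied from the ComboFix log posted above.
SAMPLE_LINES = [
    '"AVP"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp .exe" [2008-01-17 18:42 227856]',
    '"QuickTime Task"="C:\\Program Files\\QuickTime\\qttask .exe" [ ]',
    '"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2008-01-17 08:30 15360]',
    'S2 SessionLauncher;SessionLauncher;C:\\DOCUME~1\\Ken\\LOCALS~1\\Temp\\DX9\\SessionLauncher.exe []',
    'S2 avp ;avp ;"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp .exe" [2008-01-17 18:42]',
    'C:\\WINDOWS\\system32:svchost.exe',
    'R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\\WINDOWS\\system32\\DRIVERS\\klim5.sys [2007-12-13 13:28]',
]

# A Windows path: drive letter, then anything up to a quote, a bracket or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*')
# ComboFix service line: "<start type> <name>;<display name>;<path> [...]".
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]*);([^;]*);')
# A second colon after the drive colon means an NTFS alternate data stream.
ADS_RE = re.compile(r'^[A-Za-z]:\\[^:]*:')
# Whitespace immediately before the extension, e.g. "avp .exe".
SPACE_EXT_RE = re.compile(r'\s\.[A-Za-z0-9]{1,4}$')
# Executable living under any Temp directory (8.3 or long form).
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)
# "[ ]" or "[]" after an entry: ComboFix recorded no date/size for the file.
EMPTY_META_RE = re.compile(r'\[\s*\]')


def extract_path(line):
    """Return the first Windows path in a log line (trailing blanks removed), or None."""
    m = PATH_RE.search(line)
    return m.group(0).rstrip() if m else None


def triage_line(line):
    """Return (path, flags) for one autostart/service line.

    flags is a list of short reason strings; an empty list means nothing
    in this heuristic set stood out.
    """
    path = extract_path(line)
    flags = []
    if path is None:
        return None, flags
    if ADS_RE.match(path):
        flags.append('alternate-data-stream')
    if SPACE_EXT_RE.search(path):
        flags.append('space-before-extension')
    if TEMP_RE.search(path):
        flags.append('executable-in-temp')
    if EMPTY_META_RE.search(line):
        flags.append('no-file-metadata')
    svc = SERVICE_RE.match(line)
    if svc and (svc.group(1) != svc.group(1).strip()
                or svc.group(2) != svc.group(2).strip()):
        flags.append('service-name-whitespace')
    return path, flags


def triage(lines):
    """Map each flagged path to its sorted, de-duplicated list of flags.

    The same file can appear under several loading points (here avp .exe is
    both a Run value and a service), so flags for one path are merged.
    """
    result = {}
    for line in lines:
        path, flags = triage_line(line)
        if path is not None and flags:
            result[path] = sorted(set(result.get(path, []) + flags))
    return result


if __name__ == '__main__':
    for path, flags in triage(SAMPLE_LINES).items():
        print(f'{path}\n    {", ".join(flags)}')
```

The script reports four paths from the seven sample lines: the padded `avp .exe` (Run value and service), the padded `qttask .exe` with no file metadata, `SessionLauncher.exe` in Temp with no file metadata, and the `system32:svchost.exe` stream; `ctfmon.exe` and `klim5.sys` pass. A flag is a reason to look at the file, its signer and its on-disk timestamps, not a verdict, and the regexes only cover the line shapes shown in this log.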