Dangerous Spammer on my Computer



#1
0isin

    New Member

  • Member
  • 9 posts
Hey, so yeah. I have a really annoying program on my computer. It seems to be sending spam, and my ISP wants to close my account.
I have no clue what the program is called; the only reason that I know that it is sending spam is because Avast mail server is telling me I'm sending loads of spam.
I can't access the internet, otherwise the spam will send out, and I don't really want that to happen.

So anyway, here's my HijackThis log. If you could help me, thanks a lot =)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:55 AM, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\LPhal.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2423041F-8B96-4280-95DC-709250944B8D} - C:\WINDOWS\system32\xxyxyvs.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://sonypictures....aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFDC488F-42B5-4C59-807B-28ED3F83F192}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: aminpa - C:\WINDOWS\Help\aminpa.dll (file missing)
O20 - Winlogon Notify: xxyxyvs - C:\WINDOWS\SYSTEM32\xxyxyvs.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\WINDOWS\system32\LPhal.exe
O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\WINDOWS\system32\LPhal.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11952 bytes





IF YOU COULD HELP ME I WOULD BE VERY GRATEFUL!!

Edited by 0isin, 27 January 2008 - 01:42 PM.


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
0isin

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thank you so much for replying. My other computer is running ComboFix at the moment, the infected one. I will post the report when it is done. Thank you so much for replying.

#4
0isin

    New Member

  • Topic Starter
  • Member
  • 9 posts
Here's my log from ComboFix - thanks again for replying. I also included it for download if you need to.


ComboFix 08-01-23.1C - OiSiN 2008-01-26 22:22:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.192 [GMT -5:00]
Running from: C:\Documents and Settings\OiSiN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\ktsfkbml.dll
C:\Documents and Settings\OiSiN\Application Data\hidires
C:\Documents and Settings\OiSiN\My Documents\posF68.tmp
C:\Documents and Settings\OiSiN\My Documents\posF69.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6A.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6B.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6C.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6D.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6E.tmp
C:\Documents and Settings\OiSiN\My Documents\posF6F.tmp
C:\Documents and Settings\OiSiN\My Documents\posF70.tmp
C:\Documents and Settings\OiSiN\My Documents\posF71.tmp
C:\Documents and Settings\OiSiN\My Documents\posF72.tmp
C:\Documents and Settings\OiSiN\My Documents\posF73.tmp
C:\Documents and Settings\OiSiN\My Documents\posF74.tmp
C:\Documents and Settings\OiSiN\My Documents\posF75.tmp
C:\Documents and Settings\OiSiN\My Documents\posF76.tmp
C:\Documents and Settings\OiSiN\My Documents\posF77.tmp
C:\Documents and Settings\OiSiN\My Documents\posF78.tmp
C:\Documents and Settings\OiSiN\My Documents\posF79.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7A.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7B.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7C.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7D.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7E.tmp
C:\Documents and Settings\OiSiN\My Documents\posF7F.tmp
C:\Documents and Settings\OiSiN\My Documents\posF80.tmp
C:\Documents and Settings\OiSiN\My Documents\posF81.tmp
C:\Documents and Settings\OiSiN\My Documents\posF82.tmp
C:\Documents and Settings\OiSiN\My Documents\posF83.tmp
C:\Documents and Settings\OiSiN\My Documents\posF84.tmp
C:\Documents and Settings\OiSiN\My Documents\posF85.tmp
C:\Documents and Settings\OiSiN\My Documents\posF86.tmp
C:\Documents and Settings\OiSiN\My Documents\posF87.tmp
C:\Documents and Settings\OiSiN\My Documents\posF88.tmp
C:\Documents and Settings\OiSiN\My Documents\posF89.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8A.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8B.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8C.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8D.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8E.tmp
C:\Documents and Settings\OiSiN\My Documents\posF8F.tmp
C:\Documents and Settings\OiSiN\My Documents\posF90.tmp
C:\Documents and Settings\OiSiN\My Documents\posF91.tmp
C:\Documents and Settings\OiSiN\My Documents\posF92.tmp
C:\Documents and Settings\OiSiN\My Documents\posF93.tmp
C:\Documents and Settings\OiSiN\My Documents\posF94.tmp
C:\Documents and Settings\OiSiN\My Documents\posF95.tmp
C:\Documents and Settings\OiSiN\My Documents\posF96.tmp
C:\Documents and Settings\OiSiN\My Documents\posF97.tmp
C:\Documents and Settings\OiSiN\My Documents\posF98.tmp
C:\Documents and Settings\OiSiN\My Documents\posF99.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9A.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9B.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9C.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9D.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9E.tmp
C:\Documents and Settings\OiSiN\My Documents\posF9F.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFA9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAD.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFAF.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFB9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBD.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFBF.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFC9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCD.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFCF.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFD9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDD.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFDF.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFE9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFEA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFEB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFEC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFED.tmp
C:\Documents and Settings\OiSiN\My Documents\posFEE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFEF.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF0.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF1.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF2.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF3.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF4.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF5.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF6.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF7.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF8.tmp
C:\Documents and Settings\OiSiN\My Documents\posFF9.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFA.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFB.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFC.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFD.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFE.tmp
C:\Documents and Settings\OiSiN\My Documents\posFFF.tmp
C:\Documents and Settings\Zoe\My Documents\pos250.tmp
C:\Documents and Settings\Zoe\My Documents\pos251.tmp
C:\Documents and Settings\Zoe\My Documents\pos252.tmp
C:\Documents and Settings\Zoe\My Documents\pos253.tmp
C:\Documents and Settings\Zoe\My Documents\pos254.tmp
C:\Documents and Settings\Zoe\My Documents\pos255.tmp
C:\Documents and Settings\Zoe\My Documents\pos256.tmp
C:\Documents and Settings\Zoe\My Documents\pos257.tmp
C:\Documents and Settings\Zoe\My Documents\pos258.tmp
C:\Documents and Settings\Zoe\My Documents\pos259.tmp
C:\Documents and Settings\Zoe\My Documents\pos25A.tmp
C:\Documents and Settings\Zoe\My Documents\pos25B.tmp
C:\Documents and Settings\Zoe\My Documents\pos25C.tmp
C:\Documents and Settings\Zoe\My Documents\pos25D.tmp
C:\Documents and Settings\Zoe\My Documents\pos25E.tmp
C:\Documents and Settings\Zoe\My Documents\pos25F.tmp
C:\Documents and Settings\Zoe\My Documents\pos260.tmp
C:\Documents and Settings\Zoe\My Documents\pos261.tmp
C:\Documents and Settings\Zoe\My Documents\pos262.tmp
C:\Documents and Settings\Zoe\My Documents\pos263.tmp
C:\Documents and Settings\Zoe\My Documents\pos264.tmp
C:\Documents and Settings\Zoe\My Documents\pos265.tmp
C:\Documents and Settings\Zoe\My Documents\pos266.tmp
C:\Documents and Settings\Zoe\My Documents\pos267.tmp
C:\Documents and Settings\Zoe\My Documents\pos268.tmp
C:\Documents and Settings\Zoe\My Documents\pos269.tmp
C:\Documents and Settings\Zoe\My Documents\pos26A.tmp
C:\Documents and Settings\Zoe\My Documents\pos26B.tmp
C:\Documents and Settings\Zoe\My Documents\pos26C.tmp
C:\Documents and Settings\Zoe\My Documents\pos26D.tmp
C:\Documents and Settings\Zoe\My Documents\pos26E.tmp
C:\Documents and Settings\Zoe\My Documents\pos26F.tmp
C:\Documents and Settings\Zoe\My Documents\pos270.tmp
C:\Documents and Settings\Zoe\My Documents\pos271.tmp
C:\Documents and Settings\Zoe\My Documents\pos272.tmp
C:\Documents and Settings\Zoe\My Documents\pos273.tmp
C:\Documents and Settings\Zoe\My Documents\pos274.tmp
C:\Documents and Settings\Zoe\My Documents\pos275.tmp
C:\Documents and Settings\Zoe\My Documents\pos276.tmp
C:\Documents and Settings\Zoe\My Documents\pos277.tmp
C:\Documents and Settings\Zoe\My Documents\pos278.tmp
C:\Documents and Settings\Zoe\My Documents\pos279.tmp
C:\Documents and Settings\Zoe\My Documents\pos27A.tmp
C:\Documents and Settings\Zoe\My Documents\pos27B.tmp
C:\Documents and Settings\Zoe\My Documents\pos27C.tmp
C:\Documents and Settings\Zoe\My Documents\pos27D.tmp
C:\Documents and Settings\Zoe\My Documents\pos27E.tmp
C:\Documents and Settings\Zoe\My Documents\pos27F.tmp
C:\Documents and Settings\Zoe\My Documents\pos280.tmp
C:\Documents and Settings\Zoe\My Documents\pos281.tmp
C:\Documents and Settings\Zoe\My Documents\pos282.tmp
C:\Documents and Settings\Zoe\My Documents\pos283.tmp
C:\Documents and Settings\Zoe\My Documents\pos284.tmp
C:\Documents and Settings\Zoe\My Documents\pos285.tmp
C:\Documents and Settings\Zoe\My Documents\pos286.tmp
C:\Documents and Settings\Zoe\My Documents\pos287.tmp
C:\Documents and Settings\Zoe\My Documents\pos288.tmp
C:\Documents and Settings\Zoe\My Documents\pos289.tmp
C:\Documents and Settings\Zoe\My Documents\pos28A.tmp
C:\Documents and Settings\Zoe\My Documents\pos28B.tmp
C:\Documents and Settings\Zoe\My Documents\pos28C.tmp
C:\Documents and Settings\Zoe\My Documents\pos28D.tmp
C:\Documents and Settings\Zoe\My Documents\pos28E.tmp
C:\Documents and Settings\Zoe\My Documents\pos28F.tmp
C:\Documents and Settings\Zoe\My Documents\pos290.tmp
C:\Documents and Settings\Zoe\My Documents\pos291.tmp
C:\Documents and Settings\Zoe\My Documents\pos292.tmp
C:\Documents and Settings\Zoe\My Documents\pos293.tmp
C:\Documents and Settings\Zoe\My Documents\pos294.tmp
C:\Documents and Settings\Zoe\My Documents\pos295.tmp
C:\Documents and Settings\Zoe\My Documents\pos296.tmp
C:\Documents and Settings\Zoe\My Documents\pos297.tmp
C:\Documents and Settings\Zoe\My Documents\pos298.tmp
C:\Documents and Settings\Zoe\My Documents\pos299.tmp
C:\Documents and Settings\Zoe\My Documents\pos29A.tmp
C:\Documents and Settings\Zoe\My Documents\pos29B.tmp
C:\Documents and Settings\Zoe\My Documents\pos29C.tmp
C:\Documents and Settings\Zoe\My Documents\pos29D.tmp
C:\Documents and Settings\Zoe\My Documents\pos29E.tmp
C:\Documents and Settings\Zoe\My Documents\pos29F.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2A9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AD.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2AF.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2B9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BD.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2BF.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2C9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CD.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2CF.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2D9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DD.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2DF.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2E9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2EA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2EB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2EC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2ED.tmp
C:\Documents and Settings\Zoe\My Documents\pos2EE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2EF.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F0.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F1.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F2.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F3.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F4.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F5.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F6.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F7.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F8.tmp
C:\Documents and Settings\Zoe\My Documents\pos2F9.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FA.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FB.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FC.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FD.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FE.tmp
C:\Documents and Settings\Zoe\My Documents\pos2FF.tmp
C:\Documents and Settings\Zoe\My Documents\pos300.tmp
C:\Documents and Settings\Zoe\My Documents\pos301.tmp
C:\Documents and Settings\Zoe\My Documents\pos302.tmp
C:\Documents and Settings\Zoe\My Documents\pos303.tmp
C:\Documents and Settings\Zoe\My Documents\pos304.tmp
C:\Documents and Settings\Zoe\My Documents\pos305.tmp
C:\Documents and Settings\Zoe\My Documents\pos306.tmp
C:\Documents and Settings\Zoe\My Documents\pos307.tmp
C:\Documents and Settings\Zoe\My Documents\pos308.tmp
C:\Documents and Settings\Zoe\My Documents\pos309.tmp
C:\Documents and Settings\Zoe\My Documents\pos30A.tmp
C:\Documents and Settings\Zoe\My Documents\pos30B.tmp
C:\Documents and Settings\Zoe\My Documents\pos30C.tmp
C:\Documents and Settings\Zoe\My Documents\pos30D.tmp
C:\Documents and Settings\Zoe\My Documents\pos30E.tmp
C:\Documents and Settings\Zoe\My Documents\pos30F.tmp
C:\Documents and Settings\Zoe\My Documents\pos310.tmp
C:\Documents and Settings\Zoe\My Documents\pos311.tmp
C:\Documents and Settings\Zoe\My Documents\pos312.tmp
C:\Documents and Settings\Zoe\My Documents\pos313.tmp
C:\Documents and Settings\Zoe\My Documents\pos314.tmp
C:\Documents and Settings\Zoe\My Documents\pos315.tmp
C:\Documents and Settings\Zoe\My Documents\pos316.tmp
C:\Documents and Settings\Zoe\My Documents\pos317.tmp
C:\Documents and Settings\Zoe\My Documents\pos318.tmp
C:\Documents and Settings\Zoe\My Documents\pos319.tmp
C:\Documents and Settings\Zoe\My Documents\pos31A.tmp
C:\Documents and Settings\Zoe\My Documents\pos31B.tmp
C:\Documents and Settings\Zoe\My Documents\pos31C.tmp
C:\Documents and Settings\Zoe\My Documents\pos31D.tmp
C:\Documents and Settings\Zoe\My Documents\pos31E.tmp
C:\Documents and Settings\Zoe\My Documents\pos31F.tmp
C:\Documents and Settings\Zoe\My Documents\pos320.tmp
C:\Documents and Settings\Zoe\My Documents\pos321.tmp
C:\Documents and Settings\Zoe\My Documents\pos322.tmp
C:\Documents and Settings\Zoe\My Documents\pos323.tmp
C:\Documents and Settings\Zoe\My Documents\pos324.tmp
C:\Documents and Settings\Zoe\My Documents\pos325.tmp
C:\Documents and Settings\Zoe\My Documents\pos326.tmp
C:\Documents and Settings\Zoe\My Documents\pos327.tmp
C:\Documents and Settings\Zoe\My Documents\pos328.tmp
C:\Documents and Settings\Zoe\My Documents\pos329.tmp
C:\Documents and Settings\Zoe\My Documents\pos32A.tmp
C:\Documents and Settings\Zoe\My Documents\pos32B.tmp
C:\Documents and Settings\Zoe\My Documents\pos32C.tmp
C:\Documents and Settings\Zoe\My Documents\pos32D.tmp
C:\Documents and Settings\Zoe\My Documents\pos32E.tmp
C:\Documents and Settings\Zoe\My Documents\pos32F.tmp
C:\Documents and Settings\Zoe\My Documents\pos330.tmp
C:\Documents and Settings\Zoe\My Documents\pos331.tmp
C:\Documents and Settings\Zoe\My Documents\pos332.tmp
C:\Documents and Settings\Zoe\My Documents\pos333.tmp
C:\Documents and Settings\Zoe\My Documents\pos334.tmp
C:\Documents and Settings\Zoe\My Documents\pos335.tmp
C:\Documents and Settings\Zoe\My Documents\pos336.tmp
C:\Documents and Settings\Zoe\My Documents\pos337.tmp
C:\Documents and Settings\Zoe\My Documents\pos338.tmp
C:\Documents and Settings\Zoe\My Documents\pos339.tmp
C:\Documents and Settings\Zoe\My Documents\pos33A.tmp
C:\Documents and Settings\Zoe\My Documents\pos33B.tmp
C:\Documents and Settings\Zoe\My Documents\pos33C.tmp
C:\Documents and Settings\Zoe\My Documents\pos33D.tmp
C:\Documents and Settings\Zoe\My Documents\pos33E.tmp
C:\Documents and Settings\Zoe\My Documents\pos33F.tmp
C:\Documents and Settings\Zoe\My Documents\pos340.tmp
C:\Documents and Settings\Zoe\My Documents\pos341.tmp
C:\Documents and Settings\Zoe\My Documents\pos342.tmp
C:\Documents and Settings\Zoe\My Documents\pos343.tmp
C:\Documents and Settings\Zoe\My Documents\pos344.tmp
C:\Documents and Settings\Zoe\My Documents\pos345.tmp
C:\Documents and Settings\Zoe\My Documents\pos346.tmp
C:\Documents and Settings\Zoe\My Documents\pos347.tmp
C:\Documents and Settings\Zoe\My Documents\pos348.tmp
C:\Documents and Settings\Zoe\My Documents\pos349.tmp
C:\Documents and Settings\Zoe\My Documents\pos34A.tmp
C:\Documents and Settings\Zoe\My Documents\pos34B.tmp
C:\Documents and Settings\Zoe\My Documents\pos34C.tmp
C:\Documents and Settings\Zoe\My Documents\pos34D.tmp
C:\Documents and Settings\Zoe\My Documents\pos34E.tmp
C:\Documents and Settings\Zoe\My Documents\pos34F.tmp
C:\Documents and Settings\Zoe\My Documents\pos350.tmp
C:\Documents and Settings\Zoe\My Documents\pos351.tmp
C:\Documents and Settings\Zoe\My Documents\pos352.tmp
C:\Documents and Settings\Zoe\My Documents\pos353.tmp
C:\Documents and Settings\Zoe\My Documents\pos354.tmp
C:\Documents and Settings\Zoe\My Documents\pos355.tmp
C:\Documents and Settings\Zoe\My Documents\pos356.tmp
C:\Documents and Settings\Zoe\My Documents\pos357.tmp
C:\Documents and Settings\Zoe\My Documents\pos358.tmp
C:\Documents and Settings\Zoe\My Documents\pos359.tmp
C:\Documents and Settings\Zoe\My Documents\pos35A.tmp
C:\Documents and Settings\Zoe\My Documents\pos35B.tmp
C:\Documents and Settings\Zoe\My Documents\pos35C.tmp
C:\Documents and Settings\Zoe\My Documents\pos35D.tmp
C:\Documents and Settings\Zoe\My Documents\pos35E.tmp
C:\Documents and Settings\Zoe\My Documents\pos35F.tmp
C:\Documents and Settings\Zoe\My Documents\pos360.tmp
C:\Documents and Settings\Zoe\My Documents\pos361.tmp
C:\Documents and Settings\Zoe\My Documents\pos362.tmp
C:\Documents and Settings\Zoe\My Documents\pos363.tmp
C:\Documents and Settings\Zoe\My Documents\pos364.tmp
C:\Documents and Settings\Zoe\My Documents\pos365.tmp
C:\Documents and Settings\Zoe\My Documents\pos366.tmp
C:\Documents and Settings\Zoe\My Documents\pos367.tmp
C:\Documents and Settings\Zoe\My Documents\pos368.tmp
C:\Documents and Settings\Zoe\My Documents\pos369.tmp
C:\Documents and Settings\Zoe\My Documents\pos36A.tmp
C:\Documents and Settings\Zoe\My Documents\pos36B.tmp
C:\Documents and Settings\Zoe\My Documents\pos36C.tmp
C:\Documents and Settings\Zoe\My Documents\pos36D.tmp
C:\Documents and Settings\Zoe\My Documents\pos36E.tmp
C:\Documents and Settings\Zoe\My Documents\pos36F.tmp
C:\Documents and Settings\Zoe\My Documents\pos370.tmp
C:\Documents and Settings\Zoe\My Documents\pos371.tmp
C:\Documents and Settings\Zoe\My Documents\pos372.tmp
C:\Documents and Settings\Zoe\My Documents\pos373.tmp
C:\Documents and Settings\Zoe\My Documents\pos374.tmp
C:\Documents and Settings\Zoe\My Documents\pos375.tmp
C:\Documents and Settings\Zoe\My Documents\pos376.tmp
C:\Documents and Settings\Zoe\My Documents\pos377.tmp
C:\Documents and Settings\Zoe\My Documents\pos378.tmp
C:\Documents and Settings\Zoe\My Documents\pos379.tmp
C:\Documents and Settings\Zoe\My Documents\pos37A.tmp
C:\Documents and Settings\Zoe\My Documents\pos37B.tmp
C:\Documents and Settings\Zoe\My Documents\pos37C.tmp
C:\Documents and Settings\Zoe\My Documents\pos37D.tmp
C:\Documents and Settings\Zoe\My Documents\pos37E.tmp
C:\Document

  • 0

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Your PC has a lot of infections

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\bnjbvid .exe
C:\WINDOWS\SYSTEM32\refnoqjp.ini
C:\WINDOWS\titmpyte.dll
C:\WINDOWS\bmnmtqlc.exe
C:\fypif.exe
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\ttgkdaab.exe
C:\WINDOWS\Help\apnima.bak1
C:\WINDOWS\Help\apnima.bak2
C:\WINDOWS\Help\apnima.ini2

Folder::
C:\Documents and Settings\OiSiN\Application Data\hidires
C:\-1199931731

RenV::
----a-w 10,752 2008-01-24 01:24:17 C:\bnjbvid .exe
----a-w 79,224 2008-01-24 01:24:14 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 1,404,928 2008-01-24 21:37:43 C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w 73,728 2008-01-24 21:37:41 C:\Program Files\ClamWin\bin\ClamTray .exe
----a-w 1,421,824 2008-01-24 01:24:18 C:\Program Files\PeerGuardian2\pg2 .exe
----a-w 1,266,936 2008-01-24 01:24:19 C:\Program Files\Steam\steam .exe
----a-w 15,872 2008-01-24 21:37:41 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 15,360 2008-01-24 01:24:19 C:\WINDOWS\SYSTEM32\ctfmon .exe

Driver::
SoRa01


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • 0
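A way to check a CFScript like the one above against the log ComboFix writes afterwards, as an added example (not part of the original posts and not ComboFix's own code): it parses the script's directives and the log's banner sections, then lists every requested file, folder or driver that the log does not confirm. The sample text is abridged from this thread; the function names, and the reading of "Other Deletions" as the list of what was actually removed, are assumptions.

```python
import re

# Abridged from the CFScript.txt and ComboFix log quoted in this thread
# (RenV:: block omitted, banner lines shortened).
CFSCRIPT = r"""KillAll::

File::
C:\bnjbvid .exe
C:\WINDOWS\SYSTEM32\refnoqjp.ini
C:\WINDOWS\titmpyte.dll
C:\WINDOWS\bmnmtqlc.exe
C:\fypif.exe
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\ttgkdaab.exe
C:\WINDOWS\Help\apnima.bak1
C:\WINDOWS\Help\apnima.bak2
C:\WINDOWS\Help\apnima.ini2

Folder::
C:\Documents and Settings\OiSiN\Application Data\hidires
C:\-1199931731

Driver::
SoRa01
"""

COMBOFIX_LOG = r"""FILE
C:\bnjbvid .exe
C:\fypif.exe
.

((((((((( Other Deletions )))))))))
.

C:\-1199931731\
C:\fypif.exe
C:\ttgkdaab.exe
C:\WINDOWS\bmnmtqlc.exe
C:\WINDOWS\Help\apnima.bak1
C:\WINDOWS\Help\apnima.bak2
C:\WINDOWS\Help\apnima.ini2
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\refnoqjp.ini
C:\WINDOWS\titmpyte.dll

.
((((((((( Drivers/Services )))))))))

.
-------\LEGACY_SORA01
-------\SoRa01
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")       # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # e.g. "(((( Other Deletions ))))"


def _sections(text, header_re, skip=()):
    """Group the non-blank lines that follow each header matched by header_re."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = header_re.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and line not in skip:
            current.append(line)
    return sections


def parse_cfscript(text):
    """Map each 'Name::' directive to the entries listed under it."""
    return _sections(text, DIRECTIVE)


def parse_log_sections(text):
    """Map each parenthesised banner title to its lines; '.' separators are dropped."""
    return _sections(text, BANNER, skip=(".",))


def norm_path(path):
    # Windows paths are case-insensitive; the log prints folders with a trailing '\'.
    return path.strip().rstrip("\\").lower()


def norm_driver(name):
    # Log lines look like '-------\LEGACY_SORA01' and '-------\SoRa01'.
    name = name.rsplit("\\", 1)[-1].lower()
    return name[len("legacy_"):] if name.startswith("legacy_") else name


def unconfirmed(script_text, log_text):
    """Return script entries that the log's deletion sections do not list."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = {norm_path(p) for p in log.get("Other Deletions", [])}
    drivers = {norm_driver(d) for d in log.get("Drivers/Services", [])}
    report = {
        key: [p for p in script.get(key, []) if norm_path(p) not in deleted]
        for key in ("File", "Folder")
    }
    report["Driver"] = [d for d in script.get("Driver", [])
                        if norm_driver(d) not in drivers]
    return report


if __name__ == "__main__":
    for kind, items in unconfirmed(CFSCRIPT, COMBOFIX_LOG).items():
        for item in items:
            print(f"{kind}: not confirmed in log -> {item}")
```

An unconfirmed entry is a prompt for a follow-up look (it may have been absent already or covered by another directive), not proof that removal failed.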

#6
0isin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here's the new log:

ComboFix 08-01-23.1C - OiSiN 2008-01-28 15:02:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -5:00]
Running from: C:\Documents and Settings\OiSiN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\OiSiN\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\bnjbvid .exe
C:\fypif.exe
C:\ttgkdaab.exe
C:\WINDOWS\bmnmtqlc.exe
C:\WINDOWS\Help\apnima.bak1
C:\WINDOWS\Help\apnima.bak2
C:\WINDOWS\Help\apnima.ini2
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\refnoqjp.ini
C:\WINDOWS\titmpyte.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1199931731\
C:\fypif.exe
C:\ttgkdaab.exe
C:\WINDOWS\bmnmtqlc.exe
C:\WINDOWS\Help\apnima.bak1
C:\WINDOWS\Help\apnima.bak2
C:\WINDOWS\Help\apnima.ini2
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\refnoqjp.ini
C:\WINDOWS\titmpyte.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SORA01
-------\SoRa01


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-26 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 16:36 . 2008-01-27 17:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 16:35 . 2008-01-26 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 10:45 . 2008-01-26 10:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-25 23:06 . 2008-01-25 23:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-23 20:24 . 2008-01-23 20:24 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-23 20:24 . 2008-01-23 20:24 10,752 --a------ C:\bnjbvid.exe
2008-01-21 23:38 . 2008-01-21 23:38 2 --a------ C:\-1199931731
2008-01-21 20:56 . 2008-01-21 23:32 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-01-21 20:56 . 2002-09-12 16:04 1,269,760 --a------ C:\WINDOWS\SYSTEM32\ASTAudioFile.dll
2008-01-21 20:56 . 2002-09-12 17:55 1,200,128 --a------ C:\WINDOWS\SYSTEM32\ASTAudioInformation.dll
2008-01-21 20:56 . 1999-05-21 16:37 992,384 --a------ C:\WINDOWS\SYSTEM32\fpSpr30.ocx
2008-01-21 20:56 . 2008-01-21 23:32 2 --a------ C:\WINDOWS\SYSTEM32\RICHTX.DEP
2008-01-21 17:49 . 2008-01-21 23:50 4,613 --a------ C:\WINDOWS\cool.ini
2008-01-21 17:48 . 2008-01-21 17:50 <DIR> d-------- C:\cool
2008-01-21 17:48 . 1997-04-29 08:06 140,288 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll
2008-01-21 17:48 . 1997-05-01 15:01 127,023 --a------ C:\WINDOWS\c96unins.exe
2008-01-21 17:48 . 1997-04-29 08:06 90,624 --a------ C:\WINDOWS\SYSTEM32\pnc32301.dll
2008-01-21 17:48 . 1997-04-29 08:06 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll
2008-01-21 17:48 . 1997-04-29 08:06 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll
2008-01-21 17:48 . 1997-04-29 08:06 13,824 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll
2008-01-21 17:25 . 2008-01-21 17:25 <DIR> d-------- C:\Program Files\HammerHead
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-01-17 07:31 . 2008-01-17 07:32 <DIR> d-------- C:\Program Files\Canon
2008-01-17 07:24 . 2005-09-02 04:59 117,760 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPU.dll
2008-01-17 07:24 . 2005-09-02 05:10 63,488 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPC.dll
2008-01-15 21:19 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\Gish
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d-------- C:\ijji
2008-01-02 01:26 . 2008-01-02 01:51 <DIR> d-------- C:\Program Files\softnyx
2007-12-28 03:16 . 2007-12-28 03:17 <DIR> d-------- C:\Pandora

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 20:02 --------- d-----w C:\Program Files\Steam
2008-01-28 20:02 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-26 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-01-26 20:45 --------- d-----w C:\Program Files\Global Defense Network
2008-01-26 19:53 --------- d-----w C:\Program Files\StepMania
2008-01-26 17:12 --------- d-----w C:\Program Files\Three Rings Design
2008-01-26 09:04 --------- d-----w C:\Program Files\QuickTime
2008-01-26 09:01 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 04:07 --------- d-----w C:\Program Files\Trend Micro
2008-01-25 20:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-24 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 22:18 --------- d-----w C:\Program Files\Microsoft Games
2008-01-24 22:17 --------- d-----w C:\Program Files\Silkroad
2008-01-24 22:16 --------- d-----w C:\Program Files\De Blob
2008-01-24 22:13 --------- d-----w C:\Program Files\Activision
2008-01-24 03:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-21 22:49 --------- d-----w C:\Program Files\Sony
2008-01-21 22:48 --------- d-----w C:\Program Files\Sony Setup
2008-01-15 01:39 102,400 ----a-w C:\WINDOWS\DUMPcff2.tmp
2007-12-27 19:09 --------- d-----w C:\Program Files\MARS
2007-12-27 19:09 --------- d-----w C:\Program Files\ArcSoft
2007-12-26 19:51 --------- d-----w C:\Program Files\sz8033
2007-12-23 05:55 --------- d-----w C:\Program Files\ATI Technologies
2007-12-23 05:26 --------- d-----w C:\Program Files\Ubisoft
2007-12-23 05:25 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 05:21 --------- d-----w C:\Program Files\EA GAMES
2007-12-23 05:17 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-21 23:51 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-21 23:51 --------- d-----w C:\Program Files\Real
2007-12-18 02:40 --------- d-----w C:\Program Files\uTorrent
2007-12-17 14:52 --------- d-----w C:\Program Files\Frets on Fire
2007-12-15 17:15 --------- d-----w C:\Program Files\Riva
2007-12-13 23:34 --------- d-----w C:\Program Files\Bullet Candy
2007-12-10 21:40 --------- d-----w C:\Program Files\Banshee Screamer Alarm
2007-12-07 16:55 --------- d-----w C:\Program Files\Free Download Manager
2007-12-06 17:56 --------- d-----w C:\Program Files\MegaPremium Link Maker
2007-12-06 08:53 --------- d-----w C:\Program Files\Game_Maker7
2007-12-06 08:38 --------- d-----w C:\Program Files\GameTap
2007-12-05 14:26 --------- d-----w C:\Program Files\OpenVideoJoiner
2007-12-05 09:16 --------- d-----w C:\Program Files\AliveMedia
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 08:44 --------- d-----w C:\Program Files\Volume Logic iTunes Plug-in
2007-12-03 08:44 --------- d-----w C:\Program Files\iTunes
2007-12-01 11:45 --------- d-s---w C:\Program Files\Xfire
2007-12-01 06:54 --------- d-----w C:\Program Files\AVSEdit
2007-11-29 14:29 --------- d-----w C:\Program Files\Microangelo Toolset 6
2007-11-28 15:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
1998-04-24 05:00 1,078 ------w C:\Program Files\Common Files\RECYFULL.ICO
.

((((((((((((((((((((((((((((( [email protected]_23.05.54.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 03:22:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-28 20:01:35 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 03:22:13 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-28 20:01:35 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 03:22:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-28 20:01:35 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 03:22:13 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-28 20:01:35 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 03:22:16 17,469,440 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-28 20:01:36 17,469,440 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 03:22:16 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 20:01:36 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2008-01-23 20:24 1421824]
"Steam"="c:\program files\steam\steam.exe" [2008-01-23 20:24 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-23 20:24 79224]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-24 16:37 73728]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-01-24 16:37 15872]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aminpa]
C:\WINDOWS\Help\aminpa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^THDetect.exe]
backup=C:\WINDOWS\pss\THDetect.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"drvsyskit"=C:\Documents and Settings\OiSiN\Application Data\hidires\hidr.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=C:\Program Files\Common Files\AOL\1162419055\ee\AOLSoftware.exe
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
"InfoData"=rundll32.exe "C:\WINDOWS\system32\cpubguss.dll",realset
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-10-19 20:19]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 05:15]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-09-27 08:57]
S1 astq;astq;C:\WINDOWS\system32\drivers\astq.tga []
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 cheetah1;Cheetah1;C:\Documents and Settings\OiSiN\Desktop\Cheetah Engine 2.0\cheetahrules.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\OiSiN\Desktop\MapleStory hacks and crap\DaEngine\DAK32.sys []
S3 geebers12;geebers12;C:\Buffy Engine 2.1\nvid888.sys [2007-05-03 14:37]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys [2004-06-24 20:27]
S3 sejt1;sejt1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX00.188\AkumaEngine33\sejt.sys []
S3 UCEDRIVER53;UCEDRIVER53;C:\Program Files\Ultimate Hack Pack\UCE\cetc.sys [2006-06-14 00:47]
S3 zenx1;zenx1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX02.797\MHSK\ZenxEngine\zenx.sys []

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-02-02 16:35:39 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-28 20:23:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 15:24:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-28 15:35:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 20:35:12
ComboFix2.txt 2008-01-27 04:07:15
.
2008-01-09 01:40:51 --- E O F ---

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\bnjbvid.exe"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\bnjbvid.exe

  • Click Open.
  • Click Post.
Thank you!




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\bnjbvid.exe
C:\WINDOWS\Help\aminpa.dll

Folder::
C:\-1199931731
C:\Documents and Settings\OiSiN\Application Data\hidires

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aminpa]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"drvsyskit"=-

Driver::
astq


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


#8
0isin

    New Member

  • Topic Starter
  • Member
  • 9 posts
hey, um... my computer won't run in Safe Mode, it just won't run. when i start to run it, it says after loading all of the other info "press esc to stop STSD from starting" i think it said that. notice in my report how it says, "SafeBoot registry key needs repairs. This machine cannot enter Safe Mode."

any suggestions?

Edited by 0isin, 28 January 2008 - 03:21 PM.


#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry forgot about that

Go do the other steps for the time being. We will come back to that

#10
0isin

    New Member

  • Topic Starter
  • Member
  • 9 posts
alright , thanks again :)

#11
0isin

    New Member

  • Topic Starter
  • Member
  • 9 posts
so yea, i did everything else. here's the new combofix log

ComboFix 08-01-23.1C - OiSiN 2008-01-28 16:27:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.105 [GMT -5:00]
Running from: C:\Documents and Settings\OiSiN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\OiSiN\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\bnjbvid.exe
C:\WINDOWS\Help\aminpa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1199931731\
C:\bnjbvid.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\astq


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 15:56 . 2008-01-28 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 15:56 . 2008-01-28 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 16:36 . 2008-01-27 17:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 16:35 . 2008-01-26 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 10:45 . 2008-01-26 10:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-25 23:06 . 2008-01-25 23:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-23 20:24 . 2008-01-23 20:24 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-21 23:38 . 2008-01-21 23:38 2 --a------ C:\-1199931731
2008-01-21 20:56 . 2008-01-21 23:32 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-01-21 20:56 . 2002-09-12 16:04 1,269,760 --a------ C:\WINDOWS\SYSTEM32\ASTAudioFile.dll
2008-01-21 20:56 . 2002-09-12 17:55 1,200,128 --a------ C:\WINDOWS\SYSTEM32\ASTAudioInformation.dll
2008-01-21 20:56 . 1999-05-21 16:37 992,384 --a------ C:\WINDOWS\SYSTEM32\fpSpr30.ocx
2008-01-21 20:56 . 2008-01-21 23:32 2 --a------ C:\WINDOWS\SYSTEM32\RICHTX.DEP
2008-01-21 17:49 . 2008-01-21 23:50 4,613 --a------ C:\WINDOWS\cool.ini
2008-01-21 17:48 . 2008-01-21 17:50 <DIR> d-------- C:\cool
2008-01-21 17:48 . 1997-04-29 08:06 140,288 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll
2008-01-21 17:48 . 1997-05-01 15:01 127,023 --a------ C:\WINDOWS\c96unins.exe
2008-01-21 17:48 . 1997-04-29 08:06 90,624 --a------ C:\WINDOWS\SYSTEM32\pnc32301.dll
2008-01-21 17:48 . 1997-04-29 08:06 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll
2008-01-21 17:48 . 1997-04-29 08:06 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll
2008-01-21 17:48 . 1997-04-29 08:06 13,824 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll
2008-01-21 17:25 . 2008-01-21 17:25 <DIR> d-------- C:\Program Files\HammerHead
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-01-17 07:31 . 2008-01-17 07:32 <DIR> d-------- C:\Program Files\Canon
2008-01-17 07:24 . 2005-09-02 04:59 117,760 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPU.dll
2008-01-17 07:24 . 2005-09-02 05:10 63,488 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPC.dll
2008-01-15 21:19 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\Gish
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d-------- C:\ijji
2008-01-02 01:26 . 2008-01-02 01:51 <DIR> d-------- C:\Program Files\softnyx
2007-12-28 03:16 . 2007-12-28 03:17 <DIR> d-------- C:\Pandora

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 21:56 --------- d-----w C:\Program Files\Steam
2008-01-28 21:32 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-26 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-01-26 20:45 --------- d-----w C:\Program Files\Global Defense Network
2008-01-26 19:53 --------- d-----w C:\Program Files\StepMania
2008-01-26 17:12 --------- d-----w C:\Program Files\Three Rings Design
2008-01-26 09:04 --------- d-----w C:\Program Files\QuickTime
2008-01-26 09:01 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 04:07 --------- d-----w C:\Program Files\Trend Micro
2008-01-25 20:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-24 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 22:18 --------- d-----w C:\Program Files\Microsoft Games
2008-01-24 22:17 --------- d-----w C:\Program Files\Silkroad
2008-01-24 22:16 --------- d-----w C:\Program Files\De Blob
2008-01-24 22:13 --------- d-----w C:\Program Files\Activision
2008-01-24 03:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-21 22:49 --------- d-----w C:\Program Files\Sony
2008-01-21 22:48 --------- d-----w C:\Program Files\Sony Setup
2008-01-15 01:39 102,400 ----a-w C:\WINDOWS\DUMPcff2.tmp
2007-12-27 19:09 --------- d-----w C:\Program Files\MARS
2007-12-27 19:09 --------- d-----w C:\Program Files\ArcSoft
2007-12-26 19:51 --------- d-----w C:\Program Files\sz8033
2007-12-23 05:55 --------- d-----w C:\Program Files\ATI Technologies
2007-12-23 05:26 --------- d-----w C:\Program Files\Ubisoft
2007-12-23 05:25 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 05:21 --------- d-----w C:\Program Files\EA GAMES
2007-12-23 05:17 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-21 23:51 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-21 23:51 --------- d-----w C:\Program Files\Real
2007-12-18 02:40 --------- d-----w C:\Program Files\uTorrent
2007-12-17 14:52 --------- d-----w C:\Program Files\Frets on Fire
2007-12-15 17:15 --------- d-----w C:\Program Files\Riva
2007-12-13 23:34 --------- d-----w C:\Program Files\Bullet Candy
2007-12-10 21:40 --------- d-----w C:\Program Files\Banshee Screamer Alarm
2007-12-07 16:55 --------- d-----w C:\Program Files\Free Download Manager
2007-12-06 17:56 --------- d-----w C:\Program Files\MegaPremium Link Maker
2007-12-06 08:53 --------- d-----w C:\Program Files\Game_Maker7
2007-12-06 08:38 --------- d-----w C:\Program Files\GameTap
2007-12-05 14:26 --------- d-----w C:\Program Files\OpenVideoJoiner
2007-12-05 09:16 --------- d-----w C:\Program Files\AliveMedia
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 08:44 --------- d-----w C:\Program Files\Volume Logic iTunes Plug-in
2007-12-03 08:44 --------- d-----w C:\Program Files\iTunes
2007-12-01 11:45 --------- d-s---w C:\Program Files\Xfire
2007-12-01 06:54 --------- d-----w C:\Program Files\AVSEdit
2007-11-29 14:29 --------- d-----w C:\Program Files\Microangelo Toolset 6
2007-11-28 15:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
1998-04-24 05:00 1,078 ------w C:\Program Files\Common Files\RECYFULL.ICO
.

((((((((((((((((((((((((((((( [email protected]_23.05.54.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 03:22:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-28 21:27:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 03:22:13 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-28 21:27:44 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 03:22:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-28 21:27:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 03:22:13 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-28 21:27:44 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 03:22:16 17,469,440 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-28 21:27:45 17,469,440 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 03:22:16 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 21:27:45 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2008-01-23 20:24 1421824]
"Steam"="c:\program files\steam\steam.exe" [2008-01-23 20:24 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-23 20:24 79224]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-24 16:37 73728]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-01-24 16:37 15872]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aminpa]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^THDetect.exe]
backup=C:\WINDOWS\pss\THDetect.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=C:\Program Files\Common Files\AOL\1162419055\ee\AOLSoftware.exe
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
"InfoData"=rundll32.exe "C:\WINDOWS\system32\cpubguss.dll",realset
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-10-19 20:19]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 05:15]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-09-27 08:57]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 cheetah1;Cheetah1;C:\Documents and Settings\OiSiN\Desktop\Cheetah Engine 2.0\cheetahrules.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\OiSiN\Desktop\MapleStory hacks and crap\DaEngine\DAK32.sys []
S3 geebers12;geebers12;C:\Buffy Engine 2.1\nvid888.sys [2007-05-03 14:37]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys [2004-06-24 20:27]
S3 sejt1;sejt1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX00.188\AkumaEngine33\sejt.sys []
S3 UCEDRIVER53;UCEDRIVER53;C:\Program Files\Ultimate Hack Pack\UCE\cetc.sys [2006-06-14 00:47]
S3 zenx1;zenx1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX02.797\MHSK\ZenxEngine\zenx.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-02-02 16:35:39 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-28 21:56:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 16:56:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-28 17:07:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 22:07:29
ComboFix2.txt 2008-01-28 20:35:17
ComboFix3.txt 2008-01-27 04:07:15
.
2008-01-09 01:40:51 --- E O F ---
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete your version of ComboFix.exe and the folder C:\qoobox then do this


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
  • 0

#13
0isin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok, i downloaded the stuff, now i have the new combofix. here's its log.

ComboFix 08-01-30.1 - OiSiN 2008-01-29 16:37:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT -5:00]
Running from: C:\Documents and Settings\OiSiN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 15:56 . 2008-01-28 17:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 15:56 . 2008-01-28 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 23:09 . 2008-01-26 23:09 <DIR> d-------- C:\Documents and Settings\OiSiN\DoctorWeb
2008-01-26 16:36 . 2008-01-27 17:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 16:36 . 2008-01-26 16:36 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\SUPERAntiSpyware.com
2008-01-26 16:36 . 2008-01-26 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 16:35 . 2008-01-26 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 10:45 . 2008-01-26 10:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-25 23:06 . 2008-01-29 16:32 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-25 23:06 . 2008-01-26 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-25 15:37 . 2008-01-25 15:37 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\Thunderbird
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\TVU networks
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-23 20:24 . 2008-01-23 20:24 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-21 23:38 . 2008-01-21 23:38 2 --a------ C:\-1199931731
2008-01-21 20:56 . 2008-01-21 23:32 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-01-21 20:56 . 2002-09-12 16:04 1,269,760 --a------ C:\WINDOWS\SYSTEM32\ASTAudioFile.dll
2008-01-21 20:56 . 2002-09-12 17:55 1,200,128 --a------ C:\WINDOWS\SYSTEM32\ASTAudioInformation.dll
2008-01-21 20:56 . 1999-05-21 16:37 992,384 --a------ C:\WINDOWS\SYSTEM32\fpSpr30.ocx
2008-01-21 20:56 . 2008-01-21 23:32 2 --a------ C:\WINDOWS\SYSTEM32\RICHTX.DEP
2008-01-21 17:56 . 2008-01-21 17:56 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Publish Providers
2008-01-21 17:56 . 2008-01-21 21:45 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\NetMedia Providers
2008-01-21 17:49 . 2008-01-21 23:50 4,613 --a------ C:\WINDOWS\cool.ini
2008-01-21 17:48 . 2008-01-21 17:50 <DIR> d-------- C:\cool
2008-01-21 17:48 . 1997-04-29 08:06 140,288 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll
2008-01-21 17:48 . 1997-05-01 15:01 127,023 --a------ C:\WINDOWS\c96unins.exe
2008-01-21 17:48 . 1997-04-29 08:06 90,624 --a------ C:\WINDOWS\SYSTEM32\pnc32301.dll
2008-01-21 17:48 . 1997-04-29 08:06 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll
2008-01-21 17:48 . 1997-04-29 08:06 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll
2008-01-21 17:48 . 1997-04-29 08:06 13,824 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll
2008-01-21 17:25 . 2008-01-21 17:25 <DIR> d-------- C:\Program Files\HammerHead
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-01-17 07:31 . 2008-01-17 07:32 <DIR> d-------- C:\Program Files\Canon
2008-01-17 07:24 . 2005-09-02 04:59 117,760 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPU.dll
2008-01-17 07:24 . 2005-09-02 05:10 63,488 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPC.dll
2008-01-15 21:19 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\Gish
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d-------- C:\ijji
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d--h----- C:\Documents and Settings\OiSiN\Application Data\ijjigame
2008-01-02 01:44 . 2008-01-02 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-01-02 01:26 . 2008-01-02 01:51 <DIR> d-------- C:\Program Files\softnyx
2007-12-28 03:16 . 2007-12-28 03:17 <DIR> d-------- C:\Pandora
2007-12-27 14:11 . 2007-12-27 14:13 37 --a------ C:\WINDOWS\marscam.ini
2007-12-27 14:10 . 2001-10-16 10:23 163,840 --a------ C:\WINDOWS\SYSTEM32\PhotoImpression Screen Saver.scr
2007-12-27 14:09 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\MARS
2007-12-27 14:09 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-27 14:09 . 2001-05-30 00:00 352,256 --a------ C:\WINDOWS\SYSTEM32\ijl15.dll
2007-12-27 14:09 . 2005-03-15 17:25 127,574 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MR97310c.sys
2007-12-27 14:09 . 2004-05-11 14:06 102,400 --a------ C:\WINDOWS\SYSTEM32\mr310ifc.dll
2007-12-27 14:09 . 2005-02-03 15:21 73,728 --a------ C:\WINDOWS\SYSTEM32\mr310ipc.dll
2007-12-27 14:09 . 2001-10-12 10:57 36,864 --a------ C:\WINDOWS\SYSTEM32\mr310exv.dll
2007-12-27 14:09 . 2001-10-12 10:58 28,672 --a------ C:\WINDOWS\SYSTEM32\mr310exd.dll
2007-12-27 14:09 . 2000-12-07 10:13 15,164 --a------ C:\WINDOWS\mr310twc.ini
2007-12-27 14:09 . 2002-04-12 15:31 12,106 --a------ C:\WINDOWS\mr310twc.src
2007-12-26 14:52 . 2007-12-26 14:52 <DIR> d-------- C:\Documents and Settings\Fiachra\Application Data\School Zone Preferences
2007-12-26 14:51 . 2007-12-26 14:51 <DIR> d-------- C:\Program Files\sz8033
2007-12-26 14:34 . 2007-12-26 14:34 <DIR> d-------- C:\Documents and Settings\Fiachra\Application Data\ATI
2007-12-25 12:24 . 2007-12-25 12:24 <DIR> d-------- C:\Documents and Settings\Zoe\Application Data\ATI
2007-12-24 12:51 . 2007-12-24 12:51 71,667 --a------ C:\noobsahead.jpg
2007-12-23 18:46 . 2007-12-23 18:46 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\ATI
2007-12-23 10:47 . 2007-12-23 10:47 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\ATI
2007-12-23 10:47 . 2007-12-23 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-23 00:53 . 2007-12-23 00:55 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-23 00:53 . 2007-12-05 14:17 593,920 --a------ C:\WINDOWS\SYSTEM32\ati2sgag.exe
2007-12-22 02:18 . 2008-01-29 16:31 <DIR> d-------- C:\Program Files\Steam
2007-12-21 18:51 . 2007-12-21 18:51 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-12-19 16:42 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\SYSTEM32\d3dx9_35.dll
2007-12-17 21:40 . 2007-12-17 21:40 <DIR> d-------- C:\Program Files\uTorrent
2007-12-17 09:52 . 2007-12-17 09:52 <DIR> d-------- C:\Program Files\Frets on Fire
2007-12-17 09:52 . 2007-12-17 09:52 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\fretsonfire
2007-12-15 12:15 . 2007-12-15 12:15 <DIR> d-------- C:\Program Files\Riva
2007-12-15 11:48 . 2008-01-30 16:45 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-12-13 18:34 . 2007-12-13 18:34 <DIR> d-------- C:\Program Files\Bullet Candy
2007-12-11 18:18 . 2007-12-11 18:18 <DIR> d-------- C:\GMouse20
2007-12-10 04:37 . 2007-12-10 16:40 <DIR> d-------- C:\Program Files\Banshee Screamer Alarm
2007-12-08 07:21 . 2007-12-08 07:21 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\MEGAUPLOADTOOLBAR
2007-12-08 04:26 . 2007-12-15 13:54 50 --a------ C:\WINDOWS\MegaManager.INI
2007-12-08 03:44 . 2007-12-08 03:44 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Megaupload
2007-12-07 11:55 . 2008-01-28 22:21 <DIR> d-------- C:\Program Files\Free Download Manager
2007-12-07 11:55 . 2008-01-28 22:26 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Free Download Manager
2007-12-07 11:55 . 2007-12-07 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-06 12:56 . 2007-12-06 12:56 <DIR> d-------- C:\Program Files\MegaPremium Link Maker
2007-12-06 03:53 . 2007-12-06 03:53 <DIR> d-------- C:\Program Files\Game_Maker7
2007-12-06 03:38 . 2007-12-06 03:38 <DIR> d-------- C:\Program Files\GameTap
2007-12-06 03:38 . 2007-12-06 03:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-05 09:26 . 2007-12-05 09:26 <DIR> d-------- C:\Program Files\OpenVideoJoiner
2007-12-05 04:16 . 2007-12-05 04:16 <DIR> d-------- C:\Program Files\AliveMedia
2007-12-04 22:05 . 2007-12-04 22:05 368,640 --a------ C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
2007-12-04 21:48 . 2007-12-04 21:48 9,535,488 --a------ C:\WINDOWS\SYSTEM32\atioglx2.dll
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\SYSTEM32\ativvaxx.dat
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\SYSTEM32\ativva5x.dat
2007-12-04 21:33 . 2007-12-04 21:33 887,724 --a------ C:\WINDOWS\SYSTEM32\ativva6x.dat
2007-12-04 21:19 . 2007-12-04 21:19 385,024 --a------ C:\WINDOWS\SYSTEM32\atikvmag.dll
2007-12-04 21:16 . 2007-12-04 21:16 49,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ati2erec.dll
2007-12-04 21:14 . 2007-12-04 21:14 180,224 --a------ C:\WINDOWS\SYSTEM32\atiok3x2.dll
2007-12-03 11:58 . 2008-01-21 17:56 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Sony
2007-12-03 11:58 . 2007-12-03 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-03 11:52 . 2008-01-21 17:48 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-01 01:55 . 2007-12-01 01:55 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\AVSEdit
2007-12-01 01:54 . 2007-12-01 01:54 <DIR> d-------- C:\Program Files\AVSEdit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-26 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-01-26 20:45 --------- d-----w C:\Program Files\Global Defense Network
2008-01-26 19:53 --------- d-----w C:\Program Files\StepMania
2008-01-26 17:12 --------- d-----w C:\Program Files\Three Rings Design
2008-01-26 09:04 --------- d-----w C:\Program Files\QuickTime
2008-01-26 09:01 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 05:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-26 04:07 --------- d-----w C:\Program Files\Trend Micro
2008-01-25 20:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-24 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 22:18 --------- d-----w C:\Program Files\Microsoft Games
2008-01-24 22:17 --------- d-----w C:\Program Files\Silkroad
2008-01-24 22:16 --------- d-----w C:\Program Files\De Blob
2008-01-24 22:13 --------- d-----w C:\Program Files\Activision
2008-01-24 03:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-23 02:28 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\uTorrent
2008-01-21 22:49 --------- d-----w C:\Program Files\Sony
2008-01-15 01:39 102,400 ----a-w C:\WINDOWS\DUMPcff2.tmp
2008-01-14 14:26 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-28 02:29 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\dvdcss
2007-12-23 05:26 --------- d-----w C:\Program Files\Ubisoft
2007-12-23 05:26 --------- d-----w C:\Documents and Settings\Fiachra\Application Data\InstallShield
2007-12-23 05:25 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 05:21 --------- d-----w C:\Program Files\EA GAMES
2007-12-23 05:17 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-21 23:51 --------- d-----w C:\Program Files\Real
2007-12-17 17:06 --------- d-----w C:\Documents and Settings\Gabi Sanio\Application Data\Apple Computer
2007-12-08 12:24 --------- d-----w C:\Documents and Settings\Gabi Sanio\Application Data\dvdcss
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\SYSTEM32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\SYSTEM32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\SYSTEM32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\SYSTEM32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\SYSTEM32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\SYSTEM32\atioglxx.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\SYSTEM32\atitvo32.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-12-03 08:44 --------- d-----w C:\Program Files\Volume Logic iTunes Plug-in
2007-12-03 08:44 --------- d-----w C:\Program Files\iTunes
2007-12-03 08:40 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\Volume Logic iTunes Plug-in
2007-12-01 12:07 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-01 11:45 --------- d-s---w C:\Program Files\Xfire
2007-11-29 14:29 --------- d-----w C:\Program Files\Microangelo Toolset 6
2007-11-28 15:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-18 05:15 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-11-15 15:18 40,733 ----a-w C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-20 01:06 50,688 ----a-w C:\WINDOWS\SYSTEM32\wbhelp2.dll
2007-10-18 11:46 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-10-16 12:44 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-16 12:44 249,856 -c----w C:\WINDOWS\Setup1.exe
2007-10-16 11:55 166,777 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 05:57 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 05:57 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 05:57 1,498,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 05:57 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 05:57 1,024,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-11 05:02 98,304 ----a-w C:\WINDOWS\SYSTEM32\Kaze to Desktop.scr
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-07-08 21:38 22,328 ----a-w C:\Documents and Settings\OiSiN\Application Data\PnkBstrK.sys
2006-01-29 00:46 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
1998-04-24 05:00 1,078 ------w C:\Program Files\Common Files\RECYFULL.ICO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2008-01-23 20:24 1421824]
"Steam"="c:\program files\steam\steam.exe" [2008-01-23 20:24 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-23 20:24 79224]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-24 16:37 73728]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-01-24 16:37 15872]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^THDetect.exe]
backup=C:\WINDOWS\pss\THDetect.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=C:\Program Files\Common Files\AOL\1162419055\ee\AOLSoftware.exe
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
"InfoData"=rundll32.exe "C:\WINDOWS\system32\cpubguss.dll",realset
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-10-19 20:19]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 05:15]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-09-27 08:57]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 cheetah1;Cheetah1;C:\Documents and Settings\OiSiN\Desktop\Cheetah Engine 2.0\cheetahrules.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\OiSiN\Desktop\MapleStory hacks and crap\DaEngine\DAK32.sys []
S3 geebers12;geebers12;C:\Buffy Engine 2.1\nvid888.sys [2007-05-03 14:37]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys [2004-06-24 20:27]
S3 sejt1;sejt1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX00.188\AkumaEngine33\sejt.sys []
S3 UCEDRIVER53;UCEDRIVER53;C:\Program Files\Ultimate Hack Pack\UCE\cetc.sys [2006-06-14 00:47]
S3 zenx1;zenx1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX02.797\MHSK\ZenxEngine\zenx.sys []

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-02-02 16:35:39 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-29 19:30:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 16:45:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-30 17:01:34
ComboFix2.txt 2008-01-28 22:07:34
.
2008-01-30 21:54:50 --- E O F ---

and i still can't enter SAFE MODE.

Edited by 0isin, 29 January 2008 - 04:18 PM.

  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\cpubguss.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\system32\cpubguss.dll
  • Click Open.
  • Click Post.
Thank you!




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\cpubguss.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InfoData"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Download and run SafeBootKeyRepair-CF from:

http://download.blee...otKeyRepair.exe
or
http://www.techsuppo...eyRepair-CF.exe

It will take only a moment for it to run.
A log will be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
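The autostart entry targeted in post #14, "InfoData", starts rundll32.exe with a DLL and an export name, so the code that runs lives in the DLL while a process list shows only the Windows binary. As an added example (not part of the thread and not ComboFix's own code), this Python script parses Run-key lines in the format of the log quoted above and lists such entries with the DLL they load. Treating a rundll32-launched DLL as the item to review is an assumption of this example, since the post does not say why the entry was chosen, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-01-23 20:24 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"InfoData"=rundll32.exe "C:\WINDOWS\system32\cpubguss.dll",realset
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Only the Run lists are examined, including the "run-" spelling used in the log.
RUN_KEY_RE = re.compile(r'\\currentversion\\run-?$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<cmd>.+)$')
# Trailing "[date time size]" field that the log appends to some entries.
STAMP_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+\]$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
UNQUOTED_IMAGE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.IGNORECASE)
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)


class Autostart(NamedTuple):
    key: str               # registry key exactly as written in the log
    name: str              # value name, e.g. "InfoData"
    command: str           # command line with the trailing stamp removed
    image: str             # program the command line starts
    dll: Optional[str]     # DLL handed to rundll32, if any
    export: Optional[str]  # exported function rundll32 is asked to call


def image_path(command: str) -> str:
    """Return the program a command line starts, whether quoted or not."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = UNQUOTED_IMAGE_RE.match(command)
    return m.group(1) if m else (command.split() or [''])[0]


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Collect the value lines listed under Run / run- keys."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current section
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None or not RUN_KEY_RE.search(key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        cmd = STAMP_RE.sub('', m.group('cmd')).strip()
        r = RUNDLL_RE.match(cmd)
        entries.append(Autostart(key, m.group('name'), cmd, image_path(cmd),
                                 r.group('dll').strip() if r else None,
                                 r.group('export') if r else None))
    return entries


def rundll32_autostarts(entries: List[Autostart]) -> List[Autostart]:
    """Entries whose real payload is a DLL rather than the listed program."""
    return [e for e in entries if e.dll is not None]


if __name__ == "__main__":
    for e in rundll32_autostarts(parse_autostarts(SAMPLE_LOG)):
        print(f'{e.name}: review {e.dll} (export {e.export}) under [{e.key}]')
```
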

#15
0isin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok, so i checked for cpubgauss.dll, but couldn't find it. i guess i must have deleted it. but i think this was from a cheatengine thing called cake pub.

anyway, here's my new combofix log

ComboFix 08-01-30.1 - OiSiN 2008-01-31 16:09:51.5 - NTFSx86
Running from: C:\Documents and Settings\OiSiN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\OiSiN\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\cpubguss.dll
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 15:27 . 2008-01-31 15:41 <DIR> d-------- C:\Program Files\IDoser v4
2008-01-28 15:56 . 2008-01-28 17:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 15:56 . 2008-01-28 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 23:09 . 2008-01-26 23:09 <DIR> d-------- C:\Documents and Settings\OiSiN\DoctorWeb
2008-01-26 16:36 . 2008-01-27 17:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 16:36 . 2008-01-26 16:36 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\SUPERAntiSpyware.com
2008-01-26 16:36 . 2008-01-26 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 16:35 . 2008-01-26 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 10:45 . 2008-01-26 10:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-25 23:06 . 2008-01-29 16:32 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-25 23:06 . 2008-01-26 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-25 15:37 . 2008-01-25 15:37 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\Thunderbird
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\TVU networks
2008-01-24 21:48 . 2008-01-24 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-23 20:24 . 2008-01-23 20:24 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-21 23:38 . 2008-01-21 23:38 2 --a------ C:\-1199931731
2008-01-21 20:56 . 2008-01-21 23:32 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-01-21 20:56 . 2002-09-12 16:04 1,269,760 --a------ C:\WINDOWS\SYSTEM32\ASTAudioFile.dll
2008-01-21 20:56 . 2002-09-12 17:55 1,200,128 --a------ C:\WINDOWS\SYSTEM32\ASTAudioInformation.dll
2008-01-21 20:56 . 1999-05-21 16:37 992,384 --a------ C:\WINDOWS\SYSTEM32\fpSpr30.ocx
2008-01-21 20:56 . 2008-01-21 23:32 2 --a------ C:\WINDOWS\SYSTEM32\RICHTX.DEP
2008-01-21 17:56 . 2008-01-21 17:56 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Publish Providers
2008-01-21 17:56 . 2008-01-21 21:45 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\NetMedia Providers
2008-01-21 17:49 . 2008-01-21 23:50 4,613 --a------ C:\WINDOWS\cool.ini
2008-01-21 17:48 . 2008-01-21 17:50 <DIR> d-------- C:\cool
2008-01-21 17:48 . 1997-04-29 08:06 140,288 --a------ C:\WINDOWS\SYSTEM32\ra3214_4.dll
2008-01-21 17:48 . 1997-05-01 15:01 127,023 --a------ C:\WINDOWS\c96unins.exe
2008-01-21 17:48 . 1997-04-29 08:06 90,624 --a------ C:\WINDOWS\SYSTEM32\pnc32301.dll
2008-01-21 17:48 . 1997-04-29 08:06 85,504 --a------ C:\WINDOWS\SYSTEM32\encdnet.dll
2008-01-21 17:48 . 1997-04-29 08:06 72,704 --a------ C:\WINDOWS\SYSTEM32\ra3228_8.dll
2008-01-21 17:48 . 1997-04-29 08:06 13,824 --a------ C:\WINDOWS\SYSTEM32\ra32dnet.dll
2008-01-21 17:25 . 2008-01-21 17:25 <DIR> d-------- C:\Program Files\HammerHead
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-01-17 07:31 . 2008-01-17 07:32 <DIR> d-------- C:\Program Files\Canon
2008-01-17 07:24 . 2005-09-02 04:59 117,760 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPU.dll
2008-01-17 07:24 . 2005-09-02 05:10 63,488 -ra------ C:\WINDOWS\SYSTEM32\CNDPTPC.dll
2008-01-15 21:19 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\Gish
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d-------- C:\ijji
2008-01-02 01:45 . 2008-01-02 01:45 <DIR> d--h----- C:\Documents and Settings\OiSiN\Application Data\ijjigame
2008-01-02 01:44 . 2008-01-02 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-01-02 01:26 . 2008-01-02 01:51 <DIR> d-------- C:\Program Files\softnyx
2007-12-28 03:16 . 2007-12-28 03:17 <DIR> d-------- C:\Pandora
2007-12-27 14:11 . 2007-12-27 14:13 37 --a------ C:\WINDOWS\marscam.ini
2007-12-27 14:10 . 2001-10-16 10:23 163,840 --a------ C:\WINDOWS\SYSTEM32\PhotoImpression Screen Saver.scr
2007-12-27 14:09 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\MARS
2007-12-27 14:09 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-27 14:09 . 2001-05-30 00:00 352,256 --a------ C:\WINDOWS\SYSTEM32\ijl15.dll
2007-12-27 14:09 . 2005-03-15 17:25 127,574 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MR97310c.sys
2007-12-27 14:09 . 2004-05-11 14:06 102,400 --a------ C:\WINDOWS\SYSTEM32\mr310ifc.dll
2007-12-27 14:09 . 2005-02-03 15:21 73,728 --a------ C:\WINDOWS\SYSTEM32\mr310ipc.dll
2007-12-27 14:09 . 2001-10-12 10:57 36,864 --a------ C:\WINDOWS\SYSTEM32\mr310exv.dll
2007-12-27 14:09 . 2001-10-12 10:58 28,672 --a------ C:\WINDOWS\SYSTEM32\mr310exd.dll
2007-12-27 14:09 . 2000-12-07 10:13 15,164 --a------ C:\WINDOWS\mr310twc.ini
2007-12-27 14:09 . 2002-04-12 15:31 12,106 --a------ C:\WINDOWS\mr310twc.src
2007-12-26 14:52 . 2007-12-26 14:52 <DIR> d-------- C:\Documents and Settings\Fiachra\Application Data\School Zone Preferences
2007-12-26 14:51 . 2007-12-26 14:51 <DIR> d-------- C:\Program Files\sz8033
2007-12-26 14:34 . 2007-12-26 14:34 <DIR> d-------- C:\Documents and Settings\Fiachra\Application Data\ATI
2007-12-25 12:24 . 2007-12-25 12:24 <DIR> d-------- C:\Documents and Settings\Zoe\Application Data\ATI
2007-12-24 12:51 . 2007-12-24 12:51 71,667 --a------ C:\noobsahead.jpg
2007-12-23 18:46 . 2007-12-23 18:46 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\ATI
2007-12-23 10:47 . 2007-12-23 10:47 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\ATI
2007-12-23 10:47 . 2007-12-23 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-23 00:53 . 2007-12-23 00:55 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-23 00:53 . 2007-12-05 14:17 593,920 --a------ C:\WINDOWS\SYSTEM32\ati2sgag.exe
2007-12-22 02:18 . 2008-01-31 15:49 <DIR> d-------- C:\Program Files\Steam
2007-12-21 18:51 . 2007-12-21 18:51 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-12-19 16:42 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\SYSTEM32\d3dx9_35.dll
2007-12-17 21:40 . 2007-12-17 21:40 <DIR> d-------- C:\Program Files\uTorrent
2007-12-17 09:52 . 2007-12-17 09:52 <DIR> d-------- C:\Program Files\Frets on Fire
2007-12-17 09:52 . 2007-12-17 09:52 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\fretsonfire
2007-12-15 12:15 . 2007-12-15 12:15 <DIR> d-------- C:\Program Files\Riva
2007-12-15 11:48 . 2008-01-31 16:18 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-12-13 18:34 . 2007-12-13 18:34 <DIR> d-------- C:\Program Files\Bullet Candy
2007-12-11 18:18 . 2007-12-11 18:18 <DIR> d-------- C:\GMouse20
2007-12-10 04:37 . 2007-12-10 16:40 <DIR> d-------- C:\Program Files\Banshee Screamer Alarm
2007-12-08 07:21 . 2007-12-08 07:21 <DIR> d-------- C:\Documents and Settings\Gabi Sanio\Application Data\MEGAUPLOADTOOLBAR
2007-12-08 04:26 . 2007-12-15 13:54 50 --a------ C:\WINDOWS\MegaManager.INI
2007-12-08 03:44 . 2007-12-08 03:44 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Megaupload
2007-12-07 11:55 . 2008-01-28 22:21 <DIR> d-------- C:\Program Files\Free Download Manager
2007-12-07 11:55 . 2008-01-28 22:26 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Free Download Manager
2007-12-07 11:55 . 2007-12-07 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-06 12:56 . 2007-12-06 12:56 <DIR> d-------- C:\Program Files\MegaPremium Link Maker
2007-12-06 03:53 . 2007-12-06 03:53 <DIR> d-------- C:\Program Files\Game_Maker7
2007-12-06 03:38 . 2007-12-06 03:38 <DIR> d-------- C:\Program Files\GameTap
2007-12-06 03:38 . 2007-12-06 03:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-05 09:26 . 2007-12-05 09:26 <DIR> d-------- C:\Program Files\OpenVideoJoiner
2007-12-05 04:16 . 2007-12-05 04:16 <DIR> d-------- C:\Program Files\AliveMedia
2007-12-04 22:05 . 2007-12-04 22:05 368,640 --a------ C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
2007-12-04 21:48 . 2007-12-04 21:48 9,535,488 --a------ C:\WINDOWS\SYSTEM32\atioglx2.dll
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\SYSTEM32\ativvaxx.dat
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\SYSTEM32\ativva5x.dat
2007-12-04 21:33 . 2007-12-04 21:33 887,724 --a------ C:\WINDOWS\SYSTEM32\ativva6x.dat
2007-12-04 21:19 . 2007-12-04 21:19 385,024 --a------ C:\WINDOWS\SYSTEM32\atikvmag.dll
2007-12-04 21:16 . 2007-12-04 21:16 49,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ati2erec.dll
2007-12-04 21:14 . 2007-12-04 21:14 180,224 --a------ C:\WINDOWS\SYSTEM32\atiok3x2.dll
2007-12-03 11:58 . 2008-01-21 17:56 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\Sony
2007-12-03 11:58 . 2007-12-03 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-03 11:52 . 2008-01-21 17:48 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-01 01:55 . 2007-12-01 01:55 <DIR> d-------- C:\Documents and Settings\OiSiN\Application Data\AVSEdit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 21:15 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\uTorrent
2008-01-30 23:19 --------- d-----w C:\Program Files\MSN Messenger
2008-01-30 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-26 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-01-26 20:45 --------- d-----w C:\Program Files\Global Defense Network
2008-01-26 19:53 --------- d-----w C:\Program Files\StepMania
2008-01-26 17:12 --------- d-----w C:\Program Files\Three Rings Design
2008-01-26 09:04 --------- d-----w C:\Program Files\QuickTime
2008-01-26 05:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-26 04:07 --------- d-----w C:\Program Files\Trend Micro
2008-01-25 20:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-24 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 22:18 --------- d-----w C:\Program Files\Microsoft Games
2008-01-24 22:17 --------- d-----w C:\Program Files\Silkroad
2008-01-24 22:16 --------- d-----w C:\Program Files\De Blob
2008-01-24 22:13 --------- d-----w C:\Program Files\Activision
2008-01-24 03:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-21 22:49 --------- d-----w C:\Program Files\Sony
2008-01-15 01:39 102,400 ----a-w C:\WINDOWS\DUMPcff2.tmp
2008-01-14 14:26 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-28 02:29 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\dvdcss
2007-12-23 05:26 --------- d-----w C:\Program Files\Ubisoft
2007-12-23 05:26 --------- d-----w C:\Documents and Settings\Fiachra\Application Data\InstallShield
2007-12-23 05:25 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 05:21 --------- d-----w C:\Program Files\EA GAMES
2007-12-23 05:17 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-21 23:51 --------- d-----w C:\Program Files\Real
2007-12-17 17:06 --------- d-----w C:\Documents and Settings\Gabi Sanio\Application Data\Apple Computer
2007-12-08 12:24 --------- d-----w C:\Documents and Settings\Gabi Sanio\Application Data\dvdcss
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\SYSTEM32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\SYSTEM32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\SYSTEM32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\SYSTEM32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\SYSTEM32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\SYSTEM32\atioglxx.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\SYSTEM32\atitvo32.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-12-03 08:44 --------- d-----w C:\Program Files\Volume Logic iTunes Plug-in
2007-12-03 08:44 --------- d-----w C:\Program Files\iTunes
2007-12-03 08:40 --------- d-----w C:\Documents and Settings\OiSiN\Application Data\Volume Logic iTunes Plug-in
2007-12-01 12:07 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-01 11:45 --------- d-s---w C:\Program Files\Xfire
2007-11-29 14:29 --------- d-----w C:\Program Files\Microangelo Toolset 6
2007-11-28 15:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-18 05:15 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-11-15 15:18 40,733 ----a-w C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-20 01:06 50,688 ----a-w C:\WINDOWS\SYSTEM32\wbhelp2.dll
2007-10-18 11:46 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-10-16 12:44 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-16 12:44 249,856 -c----w C:\WINDOWS\Setup1.exe
2007-10-16 11:55 166,777 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 05:57 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 05:57 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 05:57 1,498,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 05:57 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 05:57 1,024,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-11 05:02 98,304 ----a-w C:\WINDOWS\SYSTEM32\Kaze to Desktop.scr
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-07-08 21:38 22,328 ----a-w C:\Documents and Settings\OiSiN\Application Data\PnkBstrK.sys
2006-01-29 00:46 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
1998-04-24 05:00 1,078 ------w C:\Program Files\Common Files\RECYFULL.ICO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2008-01-23 20:24 1421824]
"Steam"="c:\program files\steam\steam.exe" [2008-01-23 20:24 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-23 20:24 79224]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-24 16:37 73728]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-01-24 16:37 15872]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 20:24 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^THDetect.exe]
backup=C:\WINDOWS\pss\THDetect.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=C:\Program Files\Common Files\AOL\1162419055\ee\AOLSoftware.exe
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-10-19 20:19]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 05:15]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-09-27 08:57]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 cheetah1;Cheetah1;C:\Documents and Settings\OiSiN\Desktop\Cheetah Engine 2.0\cheetahrules.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\OiSiN\Desktop\MapleStory hacks and crap\DaEngine\DAK32.sys []
S3 geebers12;geebers12;C:\Buffy Engine 2.1\nvid888.sys [2007-05-03 14:37]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys [2004-06-24 20:27]
S3 sejt1;sejt1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX00.188\AkumaEngine33\sejt.sys []
S3 UCEDRIVER53;UCEDRIVER53;C:\Program Files\Ultimate Hack Pack\UCE\cetc.sys [2006-06-14 00:47]
S3 zenx1;zenx1;C:\DOCUME~1\OiSiN\LOCALS~1\Temp\Rar$EX02.797\MHSK\ZenxEngine\zenx.sys []

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-02-02 16:35:39 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-31 20:40:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 16:18:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-31 16:33:50
ComboFix2.txt 2008-01-30 22:01:35
ComboFix3.txt 2008-01-28 22:07:34
.
2008-01-30 21:54:50 --- E O F ---