Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Serious PC Virus Problems - Help Please [RESOLVED]

Started by Lilz , Mar 15 2008 12:45 PM

This topic is locked

#1
Lilz

Posted 15 March 2008 - 12:45 PM

Member

Member
55 posts

Sorry I am new and not used to forums!

I posted my problems and for help here: http://www.geekstogo...ms-t191155.html

I have been told to post my log file from WinPatrol here. I cannot run HijackThis

Here is the log file:

Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 6:04:36 PM, on 3/15/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Lavasoft\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRAM FILES\Real\REALPLAYER\realplay.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\xitami\xigui32.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\ipoint.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER3.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\Uniblue\REGISTRYBOOSTER 2\REGISTRYBOOSTER.EXE
C:\PROGRAM FILES\INCREDIMAIL\bin\ImApp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
C:\PROGRAM FILES\INCREDIMAIL\bin\ImNotfy.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray]C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd]C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers]C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup]C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler]C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [RealTray]C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA]C:\WINDOWS\system32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Motive SmartBridge]C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [xitami]C:\xitami\xigui32.exe
O4 - HKLM\..\Run: [MSKDetectorExe]C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [REGSHAVE]C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint]C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fwenc.exe]C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite]C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnceSetup: [Registrando Panda ActiveX]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll
O4 - HKLM\..\RunOnceSetup: [Registrando Panda Almacen]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll
O4 - HKLM\..\RunOnceSetup: [Registering ActiveScan controles]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\ascontrol.dll
O4 - HKCU\..\Run: [IncrediMail]C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2]C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\j2re1.4.2_03\bin
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft...p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} (http://download.micr...03a978f/wvc1dmo) - http://download.micr...78f/wvc1dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1164667977908
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164667972127
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_03) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O21 - UPnPMonitor - UPnP Tray Monitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: hpqcxs08 - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service: HP CUE DeviceDiscovery Service - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Net Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\system32\HPZinw12.dll
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\system32\HPZipm12.dll
O23 - Service: TrueVector Internet Monitor - - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16608
MSIE: Internet Explorer (7.00.6000.16608)
Firefox 2.0.0.4 installed in C:\Program Files\Mozilla Firefox.
2265 IE Cookies in Folder: C:\Documents and Settings\caryl\Cookies\
424 Mozilla Cookies in Folder: C:\Documents and Settings\caryl\Application Data\Mozilla\FireFox\Profiles\5t3papux.default

WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk /p \??\C:
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [RegCure.job]C:\Program Files\RegCure\RegCure.exe Never
WP31 - Scheduled Tasks: [RegCure Program Check.job]C:\Program Files\RegCure\RegCure.exe 03/15/2008 5:44 PM
WP31 - Scheduled Tasks: [APSSchedule.job]c:\PHP\php.exe 03/14/2008 6:53 AM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\dell.sdr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\IPH.PH
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmdata01.sqm
WP32 - Hidden File: C:\sqmdata02.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\sqmnoopt01.sqm
WP32 - Hidden File: C:\sqmnoopt02.sqm
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\uedit32.cfg
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\02BD63BE89.sys
WP32 - Hidden File: C:\WINDOWS\system32\9E7333B588.sys
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\fidbox.dat
WP32 - Hidden File: C:\WINDOWS\system32\drivers\fidbox.idx
WP32 - Hidden File: C:\WINDOWS\system32\KGyGaAvL.sys
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\vsconfig.xml
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\PROGRA~1\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .CSS: [Microsoft Development Environment]C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\devenv.exe %1
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer File]C:\Program Files\Real\RealPlayer\RealPlay.exe /m audio/x-pn-realaudio %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 51%
Physical Memory Free: 502,444 KB
Paging File Free: 2,099,976 KB
Virtual Memory Free: 2,041,016 KB

--
End of file

I hope you can help me - many thanks

Edited by Lilz, 15 March 2008 - 01:06 PM.

#2
kahdah

Posted 15 March 2008 - 01:10 PM

GeekU Teacher

Retired Staff
15,822 posts

Hello Lilz

Welcome to G2Go.

=====================
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
Lilz

Posted 15 March 2008 - 01:34 PM

Member

Topic Starter
Member
55 posts

Edit - it is running now

Edited by Lilz, 15 March 2008 - 01:55 PM.

#4
Lilz

Posted 15 March 2008 - 02:13 PM

Member

Topic Starter
Member
55 posts

Oh I am so excited - something good had happened already after the Comofix!!!!!! Windows Firewall has popped up on my start up - that hasn't happened all week!!!!!! It is asking me if I want to block "Fwenc" by Checkpoint. I don't know whether to say yes

Do you know please? I also got a pop up from WinPatrol to say that something had been changed in HOSTS - I said yes to accept the change - hope that was OK!

Also I have another Explorer icon as well as the old one. I used the new one to get to here - hope that was OK!

Here is the ComboFix log:

ComboFix 08-03-14.4 - caryl 2008-03-15 19:51:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.551 [GMT 0:00]
Running from: C:\Documents and Settings\caryl\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\1001328.exe
C:\WINDOWS\system32\drivers\down\100500.exe
C:\WINDOWS\system32\drivers\down\100859.exe
C:\WINDOWS\system32\drivers\down\102187.exe
C:\WINDOWS\system32\drivers\down\102281.exe
C:\WINDOWS\system32\drivers\down\103406.exe
C:\WINDOWS\system32\drivers\down\103906.exe
C:\WINDOWS\system32\drivers\down\104718.exe
C:\WINDOWS\system32\drivers\down\104796.exe
C:\WINDOWS\system32\drivers\down\104968.exe
C:\WINDOWS\system32\drivers\down\105734.exe
C:\WINDOWS\system32\drivers\down\106031.exe
C:\WINDOWS\system32\drivers\down\106109.exe
C:\WINDOWS\system32\drivers\down\106343.exe
C:\WINDOWS\system32\drivers\down\106390.exe
C:\WINDOWS\system32\drivers\down\1065125.exe
C:\WINDOWS\system32\drivers\down\1065750.exe
C:\WINDOWS\system32\drivers\down\1067500.exe
C:\WINDOWS\system32\drivers\down\1068375.exe
C:\WINDOWS\system32\drivers\down\1069500.exe
C:\WINDOWS\system32\drivers\down\107171.exe
C:\WINDOWS\system32\drivers\down\107328.exe
C:\WINDOWS\system32\drivers\down\1073781.exe
C:\WINDOWS\system32\drivers\down\108093.exe
C:\WINDOWS\system32\drivers\down\108125.exe
C:\WINDOWS\system32\drivers\down\108187.exe
C:\WINDOWS\system32\drivers\down\109359.exe
C:\WINDOWS\system32\drivers\down\109812.exe
C:\WINDOWS\system32\drivers\down\110234.exe
C:\WINDOWS\system32\drivers\down\1108906.exe
C:\WINDOWS\system32\drivers\down\111093.exe
C:\WINDOWS\system32\drivers\down\112015.exe
C:\WINDOWS\system32\drivers\down\1124765.exe
C:\WINDOWS\system32\drivers\down\112562.exe
C:\WINDOWS\system32\drivers\down\1126546.exe
C:\WINDOWS\system32\drivers\down\1128984.exe
C:\WINDOWS\system32\drivers\down\1130656.exe
C:\WINDOWS\system32\drivers\down\113484.exe
C:\WINDOWS\system32\drivers\down\1135953.exe
C:\WINDOWS\system32\drivers\down\113671.exe
C:\WINDOWS\system32\drivers\down\113781.exe
C:\WINDOWS\system32\drivers\down\1138796.exe
C:\WINDOWS\system32\drivers\down\1139281.exe
C:\WINDOWS\system32\drivers\down\1139562.exe
C:\WINDOWS\system32\drivers\down\1142218.exe
C:\WINDOWS\system32\drivers\down\114687.exe
C:\WINDOWS\system32\drivers\down\115125.exe
C:\WINDOWS\system32\drivers\down\115171.exe
C:\WINDOWS\system32\drivers\down\116421.exe
C:\WINDOWS\system32\drivers\down\117203.exe
C:\WINDOWS\system32\drivers\down\117484.exe
C:\WINDOWS\system32\drivers\down\1175656.exe
C:\WINDOWS\system32\drivers\down\117609.exe
C:\WINDOWS\system32\drivers\down\117734.exe
C:\WINDOWS\system32\drivers\down\1179718.exe
C:\WINDOWS\system32\drivers\down\118812.exe
C:\WINDOWS\system32\drivers\down\119546.exe
C:\WINDOWS\system32\drivers\down\119593.exe
C:\WINDOWS\system32\drivers\down\119609.exe
C:\WINDOWS\system32\drivers\down\121078.exe
C:\WINDOWS\system32\drivers\down\121734.exe
C:\WINDOWS\system32\drivers\down\121937.exe
C:\WINDOWS\system32\drivers\down\122203.exe
C:\WINDOWS\system32\drivers\down\122750.exe
C:\WINDOWS\system32\drivers\down\123109.exe
C:\WINDOWS\system32\drivers\down\123609.exe
C:\WINDOWS\system32\drivers\down\123625.exe
C:\WINDOWS\system32\drivers\down\123687.exe
C:\WINDOWS\system32\drivers\down\124171.exe
C:\WINDOWS\system32\drivers\down\124359.exe
C:\WINDOWS\system32\drivers\down\124796.exe
C:\WINDOWS\system32\drivers\down\1255578.exe
C:\WINDOWS\system32\drivers\down\125578.exe
C:\WINDOWS\system32\drivers\down\1256109.exe
C:\WINDOWS\system32\drivers\down\125781.exe
C:\WINDOWS\system32\drivers\down\125796.exe
C:\WINDOWS\system32\drivers\down\125921.exe
C:\WINDOWS\system32\drivers\down\1259984.exe
C:\WINDOWS\system32\drivers\down\1260625.exe
C:\WINDOWS\system32\drivers\down\126156.exe
C:\WINDOWS\system32\drivers\down\126218.exe
C:\WINDOWS\system32\drivers\down\126421.exe
C:\WINDOWS\system32\drivers\down\126687.exe
C:\WINDOWS\system32\drivers\down\126875.exe
C:\WINDOWS\system32\drivers\down\1271546.exe
C:\WINDOWS\system32\drivers\down\127203.exe
C:\WINDOWS\system32\drivers\down\127250.exe
C:\WINDOWS\system32\drivers\down\127265.exe
C:\WINDOWS\system32\drivers\down\127812.exe
C:\WINDOWS\system32\drivers\down\128359.exe
C:\WINDOWS\system32\drivers\down\128531.exe
C:\WINDOWS\system32\drivers\down\128968.exe
C:\WINDOWS\system32\drivers\down\129609.exe
C:\WINDOWS\system32\drivers\down\129625.exe
C:\WINDOWS\system32\drivers\down\130328.exe
C:\WINDOWS\system32\drivers\down\130375.exe
C:\WINDOWS\system32\drivers\down\130406.exe
C:\WINDOWS\system32\drivers\down\1304500.exe
C:\WINDOWS\system32\drivers\down\130546.exe
C:\WINDOWS\system32\drivers\down\130593.exe
C:\WINDOWS\system32\drivers\down\130750.exe
C:\WINDOWS\system32\drivers\down\131093.exe
C:\WINDOWS\system32\drivers\down\131140.exe
C:\WINDOWS\system32\drivers\down\131234.exe
C:\WINDOWS\system32\drivers\down\131281.exe
C:\WINDOWS\system32\drivers\down\131390.exe
C:\WINDOWS\system32\drivers\down\132000.exe
C:\WINDOWS\system32\drivers\down\132046.exe
C:\WINDOWS\system32\drivers\down\132328.exe
C:\WINDOWS\system32\drivers\down\132437.exe
C:\WINDOWS\system32\drivers\down\132921.exe
C:\WINDOWS\system32\drivers\down\133156.exe
C:\WINDOWS\system32\drivers\down\133234.exe
C:\WINDOWS\system32\drivers\down\133250.exe
C:\WINDOWS\system32\drivers\down\133515.exe
C:\WINDOWS\system32\drivers\down\133921.exe
C:\WINDOWS\system32\drivers\down\134046.exe
C:\WINDOWS\system32\drivers\down\1341906.exe
C:\WINDOWS\system32\drivers\down\134406.exe
C:\WINDOWS\system32\drivers\down\135171.exe
C:\WINDOWS\system32\drivers\down\135468.exe
C:\WINDOWS\system32\drivers\down\13548265.exe
C:\WINDOWS\system32\drivers\down\13550375.exe
C:\WINDOWS\system32\drivers\down\13551296.exe
C:\WINDOWS\system32\drivers\down\1355812.exe
C:\WINDOWS\system32\drivers\down\135593.exe
C:\WINDOWS\system32\drivers\down\135625.exe
C:\WINDOWS\system32\drivers\down\13567515.exe
C:\WINDOWS\system32\drivers\down\1357718.exe
C:\WINDOWS\system32\drivers\down\135812.exe
C:\WINDOWS\system32\drivers\down\135828.exe
C:\WINDOWS\system32\drivers\down\135984.exe
C:\WINDOWS\system32\drivers\down\13611250.exe
C:\WINDOWS\system32\drivers\down\136203.exe
C:\WINDOWS\system32\drivers\down\13652218.exe
C:\WINDOWS\system32\drivers\down\13662062.exe
C:\WINDOWS\system32\drivers\down\13663859.exe
C:\WINDOWS\system32\drivers\down\13676250.exe
C:\WINDOWS\system32\drivers\down\13678406.exe
C:\WINDOWS\system32\drivers\down\13684484.exe
C:\WINDOWS\system32\drivers\down\13687937.exe
C:\WINDOWS\system32\drivers\down\1368875.exe
C:\WINDOWS\system32\drivers\down\13689406.exe
C:\WINDOWS\system32\drivers\down\13699500.exe
C:\WINDOWS\system32\drivers\down\1370875.exe
C:\WINDOWS\system32\drivers\down\13725046.exe
C:\WINDOWS\system32\drivers\down\137281.exe
C:\WINDOWS\system32\drivers\down\137515.exe
C:\WINDOWS\system32\drivers\down\137578.exe
C:\WINDOWS\system32\drivers\down\13768609.exe
C:\WINDOWS\system32\drivers\down\13777312.exe
C:\WINDOWS\system32\drivers\down\137812.exe
C:\WINDOWS\system32\drivers\down\1378140.exe
C:\WINDOWS\system32\drivers\down\138015.exe
C:\WINDOWS\system32\drivers\down\138062.exe
C:\WINDOWS\system32\drivers\down\1381468.exe
C:\WINDOWS\system32\drivers\down\138203.exe
C:\WINDOWS\system32\drivers\down\138515.exe
C:\WINDOWS\system32\drivers\down\1386468.exe
C:\WINDOWS\system32\drivers\down\138687.exe
C:\WINDOWS\system32\drivers\down\1386890.exe
C:\WINDOWS\system32\drivers\down\138765.exe
C:\WINDOWS\system32\drivers\down\1389578.exe
C:\WINDOWS\system32\drivers\down\139484.exe
C:\WINDOWS\system32\drivers\down\139734.exe
C:\WINDOWS\system32\drivers\down\139812.exe
C:\WINDOWS\system32\drivers\down\140015.exe
C:\WINDOWS\system32\drivers\down\140375.exe
C:\WINDOWS\system32\drivers\down\140609.exe
C:\WINDOWS\system32\drivers\down\141062.exe
C:\WINDOWS\system32\drivers\down\141328.exe
C:\WINDOWS\system32\drivers\down\141546.exe
C:\WINDOWS\system32\drivers\down\141859.exe
C:\WINDOWS\system32\drivers\down\141968.exe
C:\WINDOWS\system32\drivers\down\142203.exe
C:\WINDOWS\system32\drivers\down\142343.exe
C:\WINDOWS\system32\drivers\down\142625.exe
C:\WINDOWS\system32\drivers\down\1431437.exe
C:\WINDOWS\system32\drivers\down\1435343.exe
C:\WINDOWS\system32\drivers\down\143703.exe
C:\WINDOWS\system32\drivers\down\143718.exe
C:\WINDOWS\system32\drivers\down\143750.exe
C:\WINDOWS\system32\drivers\down\143968.exe
C:\WINDOWS\system32\drivers\down\144140.exe
C:\WINDOWS\system32\drivers\down\144343.exe
C:\WINDOWS\system32\drivers\down\144359.exe
C:\WINDOWS\system32\drivers\down\144750.exe
C:\WINDOWS\system32\drivers\down\144968.exe
C:\WINDOWS\system32\drivers\down\145031.exe
C:\WINDOWS\system32\drivers\down\145656.exe
C:\WINDOWS\system32\drivers\down\145843.exe
C:\WINDOWS\system32\drivers\down\145875.exe
C:\WINDOWS\system32\drivers\down\146000.exe
C:\WINDOWS\system32\drivers\down\14620265.exe
C:\WINDOWS\system32\drivers\down\14620625.exe
C:\WINDOWS\system32\drivers\down\14624437.exe
C:\WINDOWS\system32\drivers\down\14625375.exe
C:\WINDOWS\system32\drivers\down\14631250.exe
C:\WINDOWS\system32\drivers\down\14655734.exe
C:\WINDOWS\system32\drivers\down\14659703.exe
C:\WINDOWS\system32\drivers\down\14661437.exe
C:\WINDOWS\system32\drivers\down\14663765.exe
C:\WINDOWS\system32\drivers\down\14672250.exe
C:\WINDOWS\system32\drivers\down\146734.exe
C:\WINDOWS\system32\drivers\down\14675250.exe
C:\WINDOWS\system32\drivers\down\14676109.exe
C:\WINDOWS\system32\drivers\down\14676921.exe
C:\WINDOWS\system32\drivers\down\14679250.exe
C:\WINDOWS\system32\drivers\down\146796.exe
C:\WINDOWS\system32\drivers\down\147109.exe
C:\WINDOWS\system32\drivers\down\147125.exe
C:\WINDOWS\system32\drivers\down\147218.exe
C:\WINDOWS\system32\drivers\down\14722359.exe
C:\WINDOWS\system32\drivers\down\14743796.exe
C:\WINDOWS\system32\drivers\down\147640.exe
C:\WINDOWS\system32\drivers\down\147656.exe
C:\WINDOWS\system32\drivers\down\147671.exe
C:\WINDOWS\system32\drivers\down\148062.exe
C:\WINDOWS\system32\drivers\down\148562.exe
C:\WINDOWS\system32\drivers\down\148640.exe
C:\WINDOWS\system32\drivers\down\148906.exe
C:\WINDOWS\system32\drivers\down\148984.exe
C:\WINDOWS\system32\drivers\down\149296.exe
C:\WINDOWS\system32\drivers\down\149390.exe
C:\WINDOWS\system32\drivers\down\149625.exe
C:\WINDOWS\system32\drivers\down\149890.exe
C:\WINDOWS\system32\drivers\down\150093.exe
C:\WINDOWS\system32\drivers\down\150484.exe
C:\WINDOWS\system32\drivers\down\150875.exe
C:\WINDOWS\system32\drivers\down\151093.exe
C:\WINDOWS\system32\drivers\down\151156.exe
C:\WINDOWS\system32\drivers\down\151421.exe
C:\WINDOWS\system32\drivers\down\151453.exe
C:\WINDOWS\system32\drivers\down\151906.exe
C:\WINDOWS\system32\drivers\down\151984.exe
C:\WINDOWS\system32\drivers\down\152140.exe
C:\WINDOWS\system32\drivers\down\152203.exe
C:\WINDOWS\system32\drivers\down\152375.exe
C:\WINDOWS\system32\drivers\down\152625.exe
C:\WINDOWS\system32\drivers\down\152718.exe
C:\WINDOWS\system32\drivers\down\152781.exe
C:\WINDOWS\system32\drivers\down\153109.exe
C:\WINDOWS\system32\drivers\down\153187.exe
C:\WINDOWS\system32\drivers\down\153437.exe
C:\WINDOWS\system32\drivers\down\153781.exe
C:\WINDOWS\system32\drivers\down\153828.exe
C:\WINDOWS\system32\drivers\down\154218.exe
C:\WINDOWS\system32\drivers\down\154281.exe
C:\WINDOWS\system32\drivers\down\15429156.exe
C:\WINDOWS\system32\drivers\down\15430968.exe
C:\WINDOWS\system32\drivers\down\15431796.exe
C:\WINDOWS\system32\drivers\down\15433500.exe
C:\WINDOWS\system32\drivers\down\15437796.exe
C:\WINDOWS\system32\drivers\down\154468.exe
C:\WINDOWS\system32\drivers\down\154500.exe
C:\WINDOWS\system32\drivers\down\15459812.exe
C:\WINDOWS\system32\drivers\down\154640.exe
C:\WINDOWS\system32\drivers\down\15465875.exe
C:\WINDOWS\system32\drivers\down\15467562.exe
C:\WINDOWS\system32\drivers\down\15469468.exe
C:\WINDOWS\system32\drivers\down\15476578.exe
C:\WINDOWS\system32\drivers\down\15479406.exe
C:\WINDOWS\system32\drivers\down\15481593.exe
C:\WINDOWS\system32\drivers\down\15482171.exe
C:\WINDOWS\system32\drivers\down\15484593.exe
C:\WINDOWS\system32\drivers\down\15526343.exe
C:\WINDOWS\system32\drivers\down\155265.exe
C:\WINDOWS\system32\drivers\down\155281.exe
C:\WINDOWS\system32\drivers\down\15531375.exe
C:\WINDOWS\system32\drivers\down\155484.exe
C:\WINDOWS\system32\drivers\down\156640.exe
C:\WINDOWS\system32\drivers\down\156796.exe
C:\WINDOWS\system32\drivers\down\15874984.exe
C:\WINDOWS\system32\drivers\down\15875671.exe
C:\WINDOWS\system32\drivers\down\15881296.exe
C:\WINDOWS\system32\drivers\down\15882250.exe
C:\WINDOWS\system32\drivers\down\15886968.exe
C:\WINDOWS\system32\drivers\down\158921.exe
C:\WINDOWS\system32\drivers\down\159000.exe
C:\WINDOWS\system32\drivers\down\15908218.exe
C:\WINDOWS\system32\drivers\down\15914953.exe
C:\WINDOWS\system32\drivers\down\15916671.exe
C:\WINDOWS\system32\drivers\down\15919015.exe
C:\WINDOWS\system32\drivers\down\15920312.exe
C:\WINDOWS\system32\drivers\down\15925625.exe
C:\WINDOWS\system32\drivers\down\15928156.exe
C:\WINDOWS\system32\drivers\down\15928890.exe
C:\WINDOWS\system32\drivers\down\15929796.exe
C:\WINDOWS\system32\drivers\down\15931656.exe
C:\WINDOWS\system32\drivers\down\159406.exe
C:\WINDOWS\system32\drivers\down\159437.exe
C:\WINDOWS\system32\drivers\down\159531.exe
C:\WINDOWS\system32\drivers\down\15971625.exe
C:\WINDOWS\system32\drivers\down\15975062.exe
C:\WINDOWS\system32\drivers\down\159828.exe
C:\WINDOWS\system32\drivers\down\159953.exe
C:\WINDOWS\system32\drivers\down\160015.exe
C:\WINDOWS\system32\drivers\down\160250.exe
C:\WINDOWS\system32\drivers\down\161093.exe
C:\WINDOWS\system32\drivers\down\161171.exe
C:\WINDOWS\system32\drivers\down\161562.exe
C:\WINDOWS\system32\drivers\down\161609.exe
C:\WINDOWS\system32\drivers\down\161718.exe
C:\WINDOWS\system32\drivers\down\162640.exe
C:\WINDOWS\system32\drivers\down\162890.exe
C:\WINDOWS\system32\drivers\down\163500.exe
C:\WINDOWS\system32\drivers\down\164390.exe
C:\WINDOWS\system32\drivers\down\164437.exe
C:\WINDOWS\system32\drivers\down\164828.exe
C:\WINDOWS\system32\drivers\down\165000.exe
C:\WINDOWS\system32\drivers\down\165375.exe
C:\WINDOWS\system32\drivers\down\165734.exe
C:\WINDOWS\system32\drivers\down\165921.exe
C:\WINDOWS\system32\drivers\down\166109.exe
C:\WINDOWS\system32\drivers\down\166437.exe
C:\WINDOWS\system32\drivers\down\167843.exe
C:\WINDOWS\system32\drivers\down\168078.exe
C:\WINDOWS\system32\drivers\down\168234.exe
C:\WINDOWS\system32\drivers\down\168250.exe
C:\WINDOWS\system32\drivers\down\168375.exe
C:\WINDOWS\system32\drivers\down\168859.exe
C:\WINDOWS\system32\drivers\down\168906.exe
C:\WINDOWS\system32\drivers\down\169343.exe
C:\WINDOWS\system32\drivers\down\169765.exe
C:\WINDOWS\system32\drivers\down\169828.exe
C:\WINDOWS\system32\drivers\down\169843.exe
C:\WINDOWS\system32\drivers\down\169968.exe
C:\WINDOWS\system32\drivers\down\170078.exe
C:\WINDOWS\system32\drivers\down\170125.exe
C:\WINDOWS\system32\drivers\down\171281.exe
C:\WINDOWS\system32\drivers\down\171453.exe
C:\WINDOWS\system32\drivers\down\171671.exe
C:\WINDOWS\system32\drivers\down\172265.exe
C:\WINDOWS\system32\drivers\down\172875.exe
C:\WINDOWS\system32\drivers\down\173093.exe
C:\WINDOWS\system32\drivers\down\173453.exe
C:\WINDOWS\system32\drivers\down\173718.exe
C:\WINDOWS\system32\drivers\down\174343.exe
C:\WINDOWS\system32\drivers\down\174453.exe
C:\WINDOWS\system32\drivers\down\174921.exe
C:\WINDOWS\system32\drivers\down\175078.exe
C:\WINDOWS\system32\drivers\down\175687.exe
C:\WINDOWS\system32\drivers\down\175906.exe
C:\WINDOWS\system32\drivers\down\176343.exe
C:\WINDOWS\system32\drivers\down\176375.exe
C:\WINDOWS\system32\drivers\down\176562.exe
C:\WINDOWS\system32\drivers\down\176687.exe
C:\WINDOWS\system32\drivers\down\177281.exe
C:\WINDOWS\system32\drivers\down\178515.exe
C:\WINDOWS\system32\drivers\down\179187.exe
C:\WINDOWS\system32\drivers\down\180125.exe
C:\WINDOWS\system32\drivers\down\180250.exe
C:\WINDOWS\system32\drivers\down\180421.exe
C:\WINDOWS\system32\drivers\down\180453.exe
C:\WINDOWS\system32\drivers\down\181109.exe
C:\WINDOWS\system32\drivers\down\181328.exe
C:\WINDOWS\system32\drivers\down\181796.exe
C:\WINDOWS\system32\drivers\down\182031.exe
C:\WINDOWS\system32\drivers\down\182046.exe
C:\WINDOWS\system32\drivers\down\182437.exe
C:\WINDOWS\system32\drivers\down\182765.exe
C:\WINDOWS\system32\drivers\down\182937.exe
C:\WINDOWS\system32\drivers\down\183046.exe
C:\WINDOWS\system32\drivers\down\183312.exe
C:\WINDOWS\system32\drivers\down\183437.exe
C:\WINDOWS\system32\drivers\down\183656.exe
C:\WINDOWS\system32\drivers\down\184109.exe
C:\WINDOWS\system32\drivers\down\185062.exe
C:\WINDOWS\system32\drivers\down\185437.exe
C:\WINDOWS\system32\drivers\down\185812.exe
C:\WINDOWS\system32\drivers\down\186671.exe
C:\WINDOWS\system32\drivers\down\187343.exe
C:\WINDOWS\system32\drivers\down\187968.exe
C:\WINDOWS\system32\drivers\down\188343.exe
C:\WINDOWS\system32\drivers\down\188468.exe
C:\WINDOWS\system32\drivers\down\188734.exe
C:\WINDOWS\system32\drivers\down\189343.exe
C:\WINDOWS\system32\drivers\down\189421.exe
C:\WINDOWS\system32\drivers\down\189718.exe
C:\WINDOWS\system32\drivers\down\190187.exe
C:\WINDOWS\system32\drivers\down\190671.exe
C:\WINDOWS\system32\drivers\down\191015.exe
C:\WINDOWS\system32\drivers\down\19157000.exe
C:\WINDOWS\system32\drivers\down\19157453.exe
C:\WINDOWS\system32\drivers\down\19164671.exe
C:\WINDOWS\system32\drivers\down\191671.exe
C:\WINDOWS\system32\drivers\down\19167468.exe
C:\WINDOWS\system32\drivers\down\19169437.exe
C:\WINDOWS\system32\drivers\down\19173078.exe
C:\WINDOWS\system32\drivers\down\191796.exe
C:\WINDOWS\system32\drivers\down\19210093.exe
C:\WINDOWS\system32\drivers\down\19214218.exe
C:\WINDOWS\system32\drivers\down\192156.exe
C:\WINDOWS\system32\drivers\down\19215843.exe
C:\WINDOWS\system32\drivers\down\19217796.exe
C:\WINDOWS\system32\drivers\down\19219546.exe
C:\WINDOWS\system32\drivers\down\19226375.exe
C:\WINDOWS\system32\drivers\down\19232171.exe
C:\WINDOWS\system32\drivers\down\19233453.exe
C:\WINDOWS\system32\drivers\down\19233750.exe
C:\WINDOWS\system32\drivers\down\192359.exe
C:\WINDOWS\system32\drivers\down\19236437.exe
C:\WINDOWS\system32\drivers\down\192750.exe
C:\WINDOWS\system32\drivers\down\19279750.exe
C:\WINDOWS\system32\drivers\down\19283500.exe
C:\WINDOWS\system32\drivers\down\193250.exe
C:\WINDOWS\system32\drivers\down\193500.exe
C:\WINDOWS\system32\drivers\down\193625.exe
C:\WINDOWS\system32\drivers\down\194984.exe
C:\WINDOWS\system32\drivers\down\195250.exe
C:\WINDOWS\system32\drivers\down\195625.exe
C:\WINDOWS\system32\drivers\down\195781.exe
C:\WINDOWS\system32\drivers\down\195796.exe
C:\WINDOWS\system32\drivers\down\196078.exe
C:\WINDOWS\system32\drivers\down\196453.exe
C:\WINDOWS\system32\drivers\down\196484.exe
C:\WINDOWS\system32\drivers\down\197593.exe
C:\WINDOWS\system32\drivers\down\197671.exe
C:\WINDOWS\system32\drivers\down\197906.exe
C:\WINDOWS\system32\drivers\down\198281.exe
C:\WINDOWS\system32\drivers\down\198437.exe
C:\WINDOWS\system32\drivers\down\198734.exe
C:\WINDOWS\system32\drivers\down\199671.exe
C:\WINDOWS\system32\drivers\down\200453.exe
C:\WINDOWS\system32\drivers\down\200781.exe
C:\WINDOWS\system32\drivers\down\202031.exe
C:\WINDOWS\system32\drivers\down\202281.exe
C:\WINDOWS\system32\drivers\down\202390.exe
C:\WINDOWS\system32\drivers\down\202406.exe
C:\WINDOWS\system32\drivers\down\202515.exe
C:\WINDOWS\system32\drivers\down\202531.exe
C:\WINDOWS\system32\drivers\down\202750.exe
C:\WINDOWS\system32\drivers\down\203031.exe
C:\WINDOWS\system32\drivers\down\203125.exe
C:\WINDOWS\system32\drivers\down\203812.exe
C:\WINDOWS\system32\drivers\down\204484.exe
C:\WINDOWS\system32\drivers\down\205421.exe
C:\WINDOWS\system32\drivers\down\205734.exe
C:\WINDOWS\system32\drivers\down\205921.exe
C:\WINDOWS\system32\drivers\down\206656.exe
C:\WINDOWS\system32\drivers\down\207015.exe
C:\WINDOWS\system32\drivers\down\207703.exe
C:\WINDOWS\system32\drivers\down\208515.exe
C:\WINDOWS\system32\drivers\down\208703.exe
C:\WINDOWS\system32\drivers\down\209125.exe
C:\WINDOWS\system32\drivers\down\209750.exe
C:\WINDOWS\system32\drivers\down\209890.exe
C:\WINDOWS\system32\drivers\down\210031.exe
C:\WINDOWS\system32\drivers\down\210531.exe
C:\WINDOWS\system32\drivers\down\210687.exe
C:\WINDOWS\system32\drivers\down\210796.exe
C:\WINDOWS\system32\drivers\down\210875.exe
C:\WINDOWS\system32\drivers\down\211625.exe
C:\WINDOWS\system32\drivers\down\212140.exe
C:\WINDOWS\system32\drivers\down\212281.exe
C:\WINDOWS\system32\drivers\down\213375.exe
C:\WINDOWS\system32\drivers\down\213562.exe
C:\WINDOWS\system32\drivers\down\213937.exe
C:\WINDOWS\system32\drivers\down\214484.exe
C:\WINDOWS\system32\drivers\down\214531.exe
C:\WINDOWS\system32\drivers\down\214546.exe
C:\WINDOWS\system32\drivers\down\216171.exe
C:\WINDOWS\system32\drivers\down\216234.exe
C:\WINDOWS\system32\drivers\down\216593.exe
C:\WINDOWS\system32\drivers\down\216796.exe
C:\WINDOWS\system32\drivers\down\217234.exe
C:\WINDOWS\system32\drivers\down\217546.exe
C:\WINDOWS\system32\drivers\down\218015.exe
C:\WINDOWS\system32\drivers\down\218125.exe
C:\WINDOWS\system32\drivers\down\218296.exe
C:\WINDOWS\system32\drivers\down\219375.exe
C:\WINDOWS\system32\drivers\down\220500.exe
C:\WINDOWS\system32\drivers\down\220921.exe
C:\WINDOWS\system32\drivers\down\222671.exe
C:\WINDOWS\system32\drivers\down\223703.exe
C:\WINDOWS\system32\drivers\down\224593.exe
C:\WINDOWS\system32\drivers\down\224625.exe
C:\WINDOWS\system32\drivers\down\227109.exe
C:\WINDOWS\system32\drivers\down\227453.exe
C:\WINDOWS\system32\drivers\down\227562.exe
C:\WINDOWS\system32\drivers\down\227609.exe
C:\WINDOWS\system32\drivers\down\227843.exe
C:\WINDOWS\system32\drivers\down\228203.exe
C:\WINDOWS\system32\drivers\down\228625.exe
C:\WINDOWS\system32\drivers\down\228890.exe
C:\WINDOWS\system32\drivers\down\229281.exe
C:\WINDOWS\system32\drivers\down\230203.exe
C:\WINDOWS\system32\drivers\down\230578.exe
C:\WINDOWS\system32\drivers\down\232843.exe
C:\WINDOWS\system32\drivers\down\233359.exe
C:\WINDOWS\system32\drivers\down\237578.exe
C:\WINDOWS\system32\drivers\down\238218.exe
C:\WINDOWS\system32\drivers\down\238265.exe
C:\WINDOWS\system32\drivers\down\238656.exe
C:\WINDOWS\system32\drivers\down\238921.exe
C:\WINDOWS\system32\drivers\down\240531.exe
C:\WINDOWS\system32\drivers\down\240812.exe
C:\WINDOWS\system32\drivers\down\240828.exe
C:\WINDOWS\system32\drivers\down\241875.exe
C:\WINDOWS\system32\drivers\down\242453.exe
C:\WINDOWS\system32\drivers\down\242609.exe
C:\WINDOWS\system32\drivers\down\243062.exe
C:\WINDOWS\system32\drivers\down\243125.exe
C:\WINDOWS\system32\drivers\down\243390.exe
C:\WINDOWS\system32\drivers\down\246468.exe
C:\WINDOWS\system32\drivers\down\246500.exe
C:\WINDOWS\system32\drivers\down\247093.exe
C:\WINDOWS\system32\drivers\down\247828.exe
C:\WINDOWS\system32\drivers\down\248125.exe
C:\WINDOWS\system32\drivers\down\249015.exe
C:\WINDOWS\system32\drivers\down\249921.exe
C:\WINDOWS\system32\drivers\down\251187.exe
C:\WINDOWS\system32\drivers\down\253218.exe
C:\WINDOWS\system32\drivers\down\253718.exe
C:\WINDOWS\system32\drivers\down\254234.exe
C:\WINDOWS\system32\drivers\down\254968.exe
C:\WINDOWS\system32\drivers\down\255062.exe
C:\WINDOWS\system32\drivers\down\255140.exe
C:\WINDOWS\system32\drivers\down\255187.exe
C:\WINDOWS\system32\drivers\down\255968.exe
C:\WINDOWS\system32\drivers\down\256375.exe
C:\WINDOWS\system32\drivers\down\256984.exe
C:\WINDOWS\system32\drivers\down\258171.exe
C:\WINDOWS\system32\drivers\down\258296.exe
C:\WINDOWS\system32\drivers\down\258828.exe
C:\WINDOWS\system32\drivers\down\259031.exe
C:\WINDOWS\system32\drivers\down\259265.exe
C:\WINDOWS\system32\drivers\down\262062.exe
C:\WINDOWS\system32\drivers\down\263843.exe
C:\WINDOWS\system32\drivers\down\263953.exe
C:\WINDOWS\system32\drivers\down\265109.exe
C:\WINDOWS\system32\drivers\down\266937.exe
C:\WINDOWS\system32\drivers\down\267046.exe
C:\WINDOWS\system32\drivers\down\267687.exe
C:\WINDOWS\system32\drivers\down\268109.exe
C:\WINDOWS\system32\drivers\down\272265.exe
C:\WINDOWS\system32\drivers\down\272859.exe
C:\WINDOWS\system32\drivers\down\275437.exe
C:\WINDOWS\system32\drivers\down\281015.exe
C:\WINDOWS\system32\drivers\down\281312.exe
C:\WINDOWS\system32\drivers\down\281734.exe
C:\WINDOWS\system32\drivers\down\282171.exe
C:\WINDOWS\system32\drivers\down\283656.exe
C:\WINDOWS\system32\drivers\down\284234.exe
C:\WINDOWS\system32\drivers\down\284359.exe
C:\WINDOWS\system32\drivers\down\284875.exe
C:\WINDOWS\system32\drivers\down\287140.exe
C:\WINDOWS\system32\drivers\down\288343.exe
C:\WINDOWS\system32\drivers\down\289609.exe
C:\WINDOWS\system32\drivers\down\289750.exe
C:\WINDOWS\system32\drivers\down\291156.exe
C:\WINDOWS\system32\drivers\down\292328.exe
C:\WINDOWS\system32\drivers\down\295156.exe
C:\WINDOWS\system32\drivers\down\297375.exe
C:\WINDOWS\system32\drivers\down\298906.exe
C:\WINDOWS\system32\drivers\down\29959015.exe
C:\WINDOWS\system32\drivers\down\29961203.exe
C:\WINDOWS\system32\drivers\down\29961359.exe
C:\WINDOWS\system32\drivers\down\29962906.exe
C:\WINDOWS\system32\drivers\down\30021890.exe
C:\WINDOWS\system32\drivers\down\30024812.exe
C:\WINDOWS\system32\drivers\down\30026406.exe
C:\WINDOWS\system32\drivers\down\30029046.exe
C:\WINDOWS\system32\drivers\down\30035843.exe
C:\WINDOWS\system32\drivers\down\30038875.exe
C:\WINDOWS\system32\drivers\down\30039234.exe
C:\WINDOWS\system32\drivers\down\30039437.exe
C:\WINDOWS\system32\drivers\down\30041296.exe
C:\WINDOWS\system32\drivers\down\30081625.exe
C:\WINDOWS\system32\drivers\down\30085125.exe
C:\WINDOWS\system32\drivers\down\301562.exe
C:\WINDOWS\system32\drivers\down\301890.exe
C:\WINDOWS\system32\drivers\down\302984.exe
C:\WINDOWS\system32\drivers\down\303328.exe
C:\WINDOWS\system32\drivers\down\306250.exe
C:\WINDOWS\system32\drivers\down\307250.exe
C:\WINDOWS\system32\drivers\down\309609.exe
C:\WINDOWS\system32\drivers\down\311281.exe
C:\WINDOWS\system32\drivers\down\313062.exe
C:\WINDOWS\system32\drivers\down\313984.exe
C:\WINDOWS\system32\drivers\down\316343.exe
C:\WINDOWS\system32\drivers\down\318328.exe
C:\WINDOWS\system32\drivers\down\318750.exe
C:\WINDOWS\system32\drivers\down\319078.exe
C:\WINDOWS\system32\drivers\down\321468.exe
C:\WINDOWS\system32\drivers\down\323406.exe
C:\WINDOWS\system32\drivers\down\323937.exe
C:\WINDOWS\system32\drivers\down\325796.exe
C:\WINDOWS\system32\drivers\down\326843.exe
C:\WINDOWS\system32\drivers\down\330984.exe
C:\WINDOWS\system32\drivers\down\348484.exe
C:\WINDOWS\system32\drivers\down\353453.exe
C:\WINDOWS\system32\drivers\down\371937.exe
C:\WINDOWS\system32\drivers\down\3723968.exe
C:\WINDOWS\system32\drivers\down\3730640.exe
C:\WINDOWS\system32\drivers\down\3731500.exe
C:\WINDOWS\system32\drivers\down\3736796.exe
C:\WINDOWS\system32\drivers\down\3743390.exe
C:\WINDOWS\system32\drivers\down\375859.exe
C:\WINDOWS\system32\drivers\down\3761109.exe
C:\WINDOWS\system32\drivers\down\3767953.exe
C:\WINDOWS\system32\drivers\down\3769640.exe
C:\WINDOWS\system32\drivers\down\3773296.exe
C:\WINDOWS\system32\drivers\down\3776078.exe
C:\WINDOWS\system32\drivers\down\3784312.exe
C:\WINDOWS\system32\drivers\down\3788015.exe
C:\WINDOWS\system32\drivers\down\3791828.exe
C:\WINDOWS\system32\drivers\down\3792156.exe
C:\WINDOWS\system32\drivers\down\3795093.exe
C:\WINDOWS\system32\drivers\down\3830000.exe
C:\WINDOWS\system32\drivers\down\3835687.exe
C:\WINDOWS\system32\drivers\down\44512625.exe
C:\WINDOWS\system32\drivers\down\44514031.exe
C:\WINDOWS\system32\drivers\down\44514125.exe
C:\WINDOWS\system32\drivers\down\44516828.exe
C:\WINDOWS\system32\drivers\down\44523890.exe
C:\WINDOWS\system32\drivers\down\44549250.exe
C:\WINDOWS\system32\drivers\down\44555609.exe
C:\WINDOWS\system32\drivers\down\44557203.exe
C:\WINDOWS\system32\drivers\down\44564406.exe
C:\WINDOWS\system32\drivers\down\44571734.exe
C:\WINDOWS\system32\drivers\down\44574593.exe
C:\WINDOWS\system32\drivers\down\44576281.exe
C:\WINDOWS\system32\drivers\down\44576671.exe
C:\WINDOWS\system32\drivers\down\44578875.exe
C:\WINDOWS\system32\drivers\down\44621015.exe
C:\WINDOWS\system32\drivers\down\44624468.exe
C:\WINDOWS\system32\drivers\down\70375.exe
C:\WINDOWS\system32\drivers\down\71031.exe
C:\WINDOWS\system32\drivers\down\7401500.exe
C:\WINDOWS\system32\drivers\down\7402828.exe
C:\WINDOWS\system32\drivers\down\7410718.exe
C:\WINDOWS\system32\drivers\down\7411593.exe
C:\WINDOWS\system32\drivers\down\7412812.exe
C:\WINDOWS\system32\drivers\down\7417406.exe
C:\WINDOWS\system32\drivers\down\7454953.exe
C:\WINDOWS\system32\drivers\down\7463109.exe
C:\WINDOWS\system32\drivers\down\7464875.exe
C:\WINDOWS\system32\drivers\down\7476703.exe
C:\WINDOWS\system32\drivers\down\7478609.exe
C:\WINDOWS\system32\drivers\down\7492531.exe
C:\WINDOWS\system32\drivers\down\74953.exe
C:\WINDOWS\system32\drivers\down\7495625.exe
C:\WINDOWS\system32\drivers\down\7496718.exe
C:\WINDOWS\system32\drivers\down\7497171.exe
C:\WINDOWS\system32\drivers\down\7499234.exe
C:\WINDOWS\system32\drivers\down\75640.exe
C:\WINDOWS\system32\drivers\down\75703.exe
C:\WINDOWS\system32\drivers\down\76250.exe
C:\WINDOWS\system32\drivers\down\76625.exe
C:\WINDOWS\system32\drivers\down\76812.exe
C:\WINDOWS\system32\drivers\down\77375.exe
C:\WINDOWS\system32\drivers\down\77468.exe
C:\WINDOWS\system32\drivers\down\77671.exe
C:\WINDOWS\system32\drivers\down\77703.exe
C:\WINDOWS\system32\drivers\down\77781.exe
C:\WINDOWS\system32\drivers\down\77968.exe
C:\WINDOWS\system32\drivers\down\78312.exe
C:\WINDOWS\system32\drivers\down\78359.exe
C:\WINDOWS\system32\drivers\down\78718.exe
C:\WINDOWS\system32\drivers\down\78828.exe
C:\WINDOWS\system32\drivers\down\78953.exe
C:\WINDOWS\system32\drivers\down\79125.exe
C:\WINDOWS\system32\drivers\down\79343.exe
C:\WINDOWS\system32\drivers\down\79671.exe
C:\WINDOWS\system32\drivers\down\797250.exe
C:\WINDOWS\system32\drivers\down\79765.exe
C:\WINDOWS\system32\drivers\down\799203.exe
C:\WINDOWS\system32\drivers\down\80046.exe
C:\WINDOWS\system32\drivers\down\80078.exe
C:\WINDOWS\system32\drivers\down\801046.exe
C:\WINDOWS\system32\drivers\down\80156.exe
C:\WINDOWS\system32\drivers\down\80484.exe
C:\WINDOWS\system32\drivers\down\80656.exe
C:\WINDOWS\system32\drivers\down\80687.exe
C:\WINDOWS\system32\drivers\down\80890.exe
C:\WINDOWS\system32\drivers\down\81046.exe
C:\WINDOWS\system32\drivers\down\82078.exe
C:\WINDOWS\system32\drivers\down\82203.exe
C:\WINDOWS\system32\drivers\down\82625.exe
C:\WINDOWS\system32\drivers\down\826609.exe
C:\WINDOWS\system32\drivers\down\82765.exe
C:\WINDOWS\system32\drivers\down\83046.exe
C:\WINDOWS\system32\drivers\down\83453.exe
C:\WINDOWS\system32\drivers\down\83640.exe
C:\WINDOWS\system32\drivers\down\83953.exe
C:\WINDOWS\system32\drivers\down\84015.exe
C:\WINDOWS\system32\drivers\down\84375.exe
C:\WINDOWS\system32\drivers\down\84421.exe
C:\WINDOWS\system32\drivers\down\84640.exe
C:\WINDOWS\system32\drivers\down\84671.exe
C:\WINDOWS\system32\drivers\down\848578.exe
C:\WINDOWS\system32\drivers\down\849140.exe
C:\WINDOWS\system32\drivers\down\849640.exe
C:\WINDOWS\system32\drivers\down\85031.exe
C:\WINDOWS\system32\drivers\down\850781.exe
C:\WINDOWS\system32\drivers\down\851875.exe
C:\WINDOWS\system32\drivers\down\853046.exe
C:\WINDOWS\system32\drivers\down\85328.exe
C:\WINDOWS\system32\drivers\down\85343.exe
C:\WINDOWS\system32\drivers\down\85562.exe
C:\WINDOWS\system32\drivers\down\85718.exe
C:\WINDOWS\system32\drivers\down\85906.exe
C:\WINDOWS\system32\drivers\down\85984.exe
C:\WINDOWS\system32\drivers\down\86375.exe
C:\WINDOWS\system32\drivers\down\86406.exe
C:\WINDOWS\system32\drivers\down\86437.exe
C:\WINDOWS\system32\drivers\down\86609.exe
C:\WINDOWS\system32\drivers\down\866265.exe
C:\WINDOWS\system32\drivers\down\867515.exe
C:\WINDOWS\system32\drivers\down\867843.exe
C:\WINDOWS\system32\drivers\down\86796.exe
C:\WINDOWS\system32\drivers\down\87000.exe
C:\WINDOWS\system32\drivers\down\870109.exe
C:\WINDOWS\system32\drivers\down\873406.exe
C:\WINDOWS\system32\drivers\down\87468.exe
C:\WINDOWS\system32\drivers\down\87562.exe
C:\WINDOWS\system32\drivers\down\87828.exe
C:\WINDOWS\system32\drivers\down\87937.exe
C:\WINDOWS\system32\drivers\down\879500.exe
C:\WINDOWS\system32\drivers\down\88015.exe
C:\WINDOWS\system32\drivers\down\88031.exe
C:\WINDOWS\system32\drivers\down\88265.exe
C:\WINDOWS\system32\drivers\down\88406.exe
C:\WINDOWS\system32\drivers\down\88500.exe
C:\WINDOWS\system32\drivers\down\88625.exe
C:\WINDOWS\system32\drivers\down\88843.exe
C:\WINDOWS\system32\drivers\down\89093.exe
C:\WINDOWS\system32\drivers\down\89109.exe
C:\WINDOWS\system32\drivers\down\89359.exe
C:\WINDOWS\system32\drivers\down\89437.exe
C:\WINDOWS\system32\drivers\down\90125.exe
C:\WINDOWS\system32\drivers\down\90265.exe
C:\WINDOWS\system32\drivers\down\906203.exe
C:\WINDOWS\system32\drivers\down\906609.exe
C:\WINDOWS\system32\drivers\down\90750.exe
C:\WINDOWS\system32\drivers\down\907750.exe
C:\WINDOWS\system32\drivers\down\90859.exe
C:\WINDOWS\system32\drivers\down\90953.exe
C:\WINDOWS\system32\drivers\down\91031.exe
C:\WINDOWS\system32\drivers\down\911796.exe
C:\WINDOWS\system32\drivers\down\913234.exe
C:\WINDOWS\system32\drivers\down\91390.exe
C:\WINDOWS\system32\drivers\down\91484.exe
C:\WINDOWS\system32\drivers\down\915093.exe
C:\WINDOWS\system32\drivers\down\91593.exe
C:\WINDOWS\system32\drivers\down\91656.exe
C:\WINDOWS\system32\drivers\down\91890.exe
C:\WINDOWS\system32\drivers\down\91984.exe
C:\WINDOWS\system32\drivers\down\92015.exe
C:\WINDOWS\system32\drivers\down\920375.exe
C:\WINDOWS\system32\drivers\down\92187.exe
C:\WINDOWS\system32\drivers\down\92203.exe
C:\WINDOWS\system32\drivers\down\92312.exe
C:\WINDOWS\system32\drivers\down\92687.exe
C:\WINDOWS\system32\drivers\down\92843.exe
C:\WINDOWS\system32\drivers\down\930046.exe
C:\WINDOWS\system32\drivers\down\93109.exe
C:\WINDOWS\system32\drivers\down\93250.exe
C:\WINDOWS\system32\drivers\down\933203.exe
C:\WINDOWS\system32\drivers\down\93343.exe
C:\WINDOWS\system32\drivers\down\93625.exe
C:\WINDOWS\system32\drivers\down\936953.exe
C:\WINDOWS\system32\drivers\down\93890.exe
C:\WINDOWS\system32\drivers\down\93937.exe
C:\WINDOWS\system32\drivers\down\940859.exe
C:\WINDOWS\system32\drivers\down\94328.exe
C:\WINDOWS\system32\drivers\down\94343.exe
C:\WINDOWS\system32\drivers\down\94359.exe
C:\WINDOWS\system32\drivers\down\944531.exe
C:\WINDOWS\system32\drivers\down\94625.exe
C:\WINDOWS\system32\drivers\down\95312.exe
C:\WINDOWS\system32\drivers\down\95421.exe
C:\WINDOWS\system32\drivers\down\95625.exe
C:\WINDOWS\system32\drivers\down\956968.exe
C:\WINDOWS\system32\drivers\down\961546.exe
C:\WINDOWS\system32\drivers\down\96468.exe
C:\WINDOWS\system32\drivers\down\96687.exe
C:\WINDOWS\system32\drivers\down\96937.exe
C:\WINDOWS\system32\drivers\down\97937.exe
C:\WINDOWS\system32\drivers\down\98000.exe
C:\WINDOWS\system32\drivers\down\98281.exe
C:\WINDOWS\system32\drivers\down\98437.exe
C:\WINDOWS\system32\drivers\down\98734.exe
C:\WINDOWS\system32\drivers\down\98796.exe
C:\WINDOWS\system32\drivers\down\991796.exe
C:\WINDOWS\system32\drivers\down\99265.exe
C:\WINDOWS\system32\drivers\down\99359.exe
C:\WINDOWS\system32\drivers\down\99406.exe
C:\WINDOWS\system32\drivers\down\99453.exe
C:\WINDOWS\system32\drivers\down\99484.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa

((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 20:00 . 2008-03-15 20:00 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-03-15 11:54 . 2008-03-15 11:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-15 11:53 . 2008-03-15 11:53 <DIR> d-------- C:\stdtsa
2008-03-15 11:44 . 2008-03-15 11:44 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-15 11:44 . 2008-03-15 11:44 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\WinPatrol
2008-03-14 23:46 . 2008-03-14 23:46 <DIR> d-------- C:\Program Files\Uniblue
2008-03-14 23:46 . 2008-03-14 23:46 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Uniblue
2008-03-14 20:40 . 2008-03-14 20:40 <DIR> d-------- C:\WINDOWS\system32\Zonelabs
2008-03-14 20:40 . 2008-03-14 20:59 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-14 20:40 . 2008-03-14 20:40 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-14 17:16 . 2008-03-14 17:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 11:08 . 2008-03-13 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-13 00:28 . 2008-03-13 00:42 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-13 00:19 . 2008-03-13 17:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-12 17:49 . 2007-08-23 12:08 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-03-12 17:49 . 2007-08-23 12:10 28,168 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-12 17:49 . 2007-08-23 12:08 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-12 16:58 . 2008-03-14 00:11 <DIR> d-------- C:\Documents and Settings\caryl\.housecall6.6
2008-03-12 12:01 . 2008-03-12 12:01 <DIR> d-------- C:\RegCure_1.5.0.55
2008-03-12 12:01 . 2008-03-12 12:18 <DIR> d-------- C:\Program Files\RegCure
2008-03-11 20:12 . 2008-03-14 23:03 <DIR> d-------- C:\DS Games
2008-03-10 13:31 . 2008-03-10 13:32 286,720 --a------ C:\WINDOWS\iun506.exe
2008-03-09 20:10 . 2008-03-09 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-03-09 20:09 . 2008-03-09 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-06 19:20 . 2008-03-06 19:20 244 --ah----- C:\sqmnoopt02.sqm
2008-03-06 19:20 . 2008-03-06 19:20 232 --ah----- C:\sqmdata02.sqm
2008-02-29 22:39 . 2008-02-29 22:40 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Abra Academy2
2008-02-29 00:00 . 2008-02-29 00:00 <DIR> d-------- C:\Program Files\Abra Academy - Returning Cast
2008-02-28 19:47 . 2008-02-28 19:47 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\iWin
2008-02-28 14:48 . 2008-02-28 14:48 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\cerasus.media
2008-02-27 23:18 . 2008-02-27 23:18 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-20 14:50 . 2008-02-20 14:50 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Ipswitch
2008-02-20 12:01 . 2008-02-20 12:01 <DIR> d-------- C:\Program Files\Ipswitch
2008-02-20 12:01 . 2008-02-20 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-02-20 12:01 . 2007-08-09 12:50 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-02-20 12:01 . 2007-08-09 12:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-02-18 20:26 . 2008-02-18 20:28 <DIR> d-------- C:\Program Files\Sprill - The Mystery of The Bermuda Triangle
<

Edited by Lilz, 15 March 2008 - 02:23 PM.

#5
Lilz

Posted 15 March 2008 - 02:26 PM

Member

Topic Starter
Member
55 posts

I think my log files are too big - when I preview my post it looks like I have all the log details on it - but when I submit it - they are not there! HELP please

My Highjack file from WinPatrol:

Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 8:22:37 PM, on 3/15/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Lavasoft\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRAM FILES\Java\J2RE1.4.2_03\bin\jusched.exe
C:\PROGRAM FILES\Real\REALPLAYER\realplay.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\xitami\xigui32.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\ipoint.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\bin\fwenc.exe
C:\PROGRAM FILES\Uniblue\REGISTRYBOOSTER 2\REGISTRYBOOSTER.EXE
C:\PROGRAM FILES\INCREDIMAIL\bin\ImApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\HP\SMART WEB PRINTING\HPSWP_CLIPBOOK.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray]C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd]C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers]C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup]C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler]C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [RealTray]C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA]C:\WINDOWS\system32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Motive SmartBridge]C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [xitami]C:\xitami\xigui32.exe
O4 - HKLM\..\Run: [REGSHAVE]C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint]C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fwenc.exe]C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe
O4 - HKLM\..\RunOnceSetup: [Registrando Panda ActiveX]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll
O4 - HKLM\..\RunOnceSetup: [Registrando Panda Almacen]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll
O4 - HKLM\..\RunOnceSetup: [Registering ActiveScan controles]C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\ascontrol.dll
O4 - HKCU\..\Run: [IncrediMail]C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2]C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\j2re1.4.2_03\bin
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft...p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} (http://download.micr...03a978f/wvc1dmo) - http://download.micr...78f/wvc1dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1164667977908
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164667972127
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_03) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O21 - UPnPMonitor - UPnP Tray Monitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: hpqcxs08 - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service: HP CUE DeviceDiscovery Service - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Net Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\system32\HPZinw12.dll
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\system32\HPZipm12.dll
O23 - Service: TrueVector Internet Monitor - - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16608
MSIE: Internet Explorer (7.00.6000.16608)
Firefox 2.0.0.4 installed in C:\Program Files\Mozilla Firefox.
2265 IE Cookies in Folder: C:\Documents and Settings\caryl\Cookies\
424 Mozilla Cookies in Folder: C:\Documents and Settings\caryl\Application Data\Mozilla\FireFox\Profiles\5t3papux.default

WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk /p \??\C:
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [RegCure.job]C:\Program Files\RegCure\RegCure.exe Never
WP31 - Scheduled Tasks: [RegCure Program Check.job]C:\Program Files\RegCure\RegCure.exe 03/15/2008 8:00 PM
WP31 - Scheduled Tasks: [APSSchedule.job]c:\PHP\php.exe 03/14/2008 6:53 AM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\dell.sdr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\IPH.PH
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmdata01.sqm
WP32 - Hidden File: C:\sqmdata02.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\sqmnoopt01.sqm
WP32 - Hidden File: C:\sqmnoopt02.sqm
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\uedit32.cfg
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\02BD63BE89.sys
WP32 - Hidden File: C:\WINDOWS\system32\9E7333B588.sys
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\fidbox.dat
WP32 - Hidden File: C:\WINDOWS\system32\drivers\fidbox.idx
WP32 - Hidden File: C:\WINDOWS\system32\KGyGaAvL.sys
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\PROGRA~1\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .CSS: [Microsoft Development Environment]C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\devenv.exe %1
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer File]C:\Program Files\Real\RealPlayer\RealPlay.exe /m audio/x-pn-realaudio %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 41%
Physical Memory Free: 609,028 KB
Paging File Free: 2,168,556 KB
Virtual Memory Free: 2,054,764 KB

--
End of file

Edited by Lilz, 15 March 2008 - 02:27 PM.

#6
Lilz

Posted 15 March 2008 - 02:29 PM

Member

Topic Starter
Member
55 posts

The second part of my ComboFix log:

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa

((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 20:00 . 2008-03-15 20:00 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-03-15 11:54 . 2008-03-15 11:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-15 11:53 . 2008-03-15 11:53 <DIR> d-------- C:\stdtsa
2008-03-15 11:44 . 2008-03-15 11:44 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-15 11:44 . 2008-03-15 11:44 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\WinPatrol
2008-03-14 23:46 . 2008-03-14 23:46 <DIR> d-------- C:\Program Files\Uniblue
2008-03-14 23:46 . 2008-03-14 23:46 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Uniblue
2008-03-14 20:40 . 2008-03-14 20:40 <DIR> d-------- C:\WINDOWS\system32\Zonelabs
2008-03-14 20:40 . 2008-03-14 20:59 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-14 20:40 . 2008-03-14 20:40 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-14 17:16 . 2008-03-14 17:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 11:08 . 2008-03-13 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-13 00:28 . 2008-03-13 00:42 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-13 00:19 . 2008-03-13 17:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-12 17:49 . 2007-08-23 12:08 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-03-12 17:49 . 2007-08-23 12:10 28,168 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-12 17:49 . 2007-08-23 12:08 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-12 16:58 . 2008-03-14 00:11 <DIR> d-------- C:\Documents and Settings\caryl\.housecall6.6
2008-03-12 12:01 . 2008-03-12 12:01 <DIR> d-------- C:\RegCure_1.5.0.55
2008-03-12 12:01 . 2008-03-12 12:18 <DIR> d-------- C:\Program Files\RegCure
2008-03-11 20:12 . 2008-03-14 23:03 <DIR> d-------- C:\DS Games
2008-03-10 13:31 . 2008-03-10 13:32 286,720 --a------ C:\WINDOWS\iun506.exe
2008-03-09 20:10 . 2008-03-09 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-03-09 20:09 . 2008-03-09 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-06 19:20 . 2008-03-06 19:20 244 --ah----- C:\sqmnoopt02.sqm
2008-03-06 19:20 . 2008-03-06 19:20 232 --ah----- C:\sqmdata02.sqm
2008-02-29 22:39 . 2008-02-29 22:40 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Abra Academy2
2008-02-29 00:00 . 2008-02-29 00:00 <DIR> d-------- C:\Program Files\Abra Academy - Returning Cast
2008-02-28 19:47 . 2008-02-28 19:47 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\iWin
2008-02-28 14:48 . 2008-02-28 14:48 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\cerasus.media
2008-02-27 23:18 . 2008-02-27 23:18 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-20 14:50 . 2008-02-20 14:50 <DIR> d-------- C:\Documents and Settings\caryl\Application Data\Ipswitch
2008-02-20 12:01 . 2008-02-20 12:01 <DIR> d-------- C:\Program Files\Ipswitch
2008-02-20 12:01 . 2008-02-20 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-02-20 12:01 . 2007-08-09 12:50 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-02-20 12:01 . 2007-08-09 12:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-02-18 20:26 . 2008-02-18 20:28 <DIR> d-------- C:\Program Files\Sprill - The Mystery of The Bermuda Triangle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 12:14 --------- d-----w C:\Program Files\The Scruffs
2008-03-15 12:13 --------- d-----w C:\Program Files\Sunset Studio Deluxe
2008-03-15 09:29 --------- d-----w C:\Program Files\eMule
2008-03-14 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-12 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-12 11:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-12 11:37 --------- d-----w C:\Documents and Settings\caryl\Application Data\AVG7
2008-03-12 11:19 970,652 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-12 11:19 82,798,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-10 13:43 --------- d-----w C:\Program Files\Travelogue 360 Rome
2008-03-09 20:23 --------- d-----w C:\Program Files\IncrediMail
2008-03-09 20:09 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-03-03 17:34 --------- d-----w C:\Documents and Settings\caryl\Application Data\PlayFirst
2008-03-03 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-27 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-02-17 14:43 --------- d-----w C:\Program Files\SpongeBob SquarePants Krabby Quest
2008-02-12 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-02-12 13:00 --------- d-----w C:\Program Files\Spirit of Wandering - The Legend
2008-02-07 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-07 13:43 --------- d-----w C:\Program Files\The Nightshift Code
2008-02-03 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Friday's games
2008-02-02 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-02-02 09:20 --------- d-----w C:\Documents and Settings\caryl\Application Data\GameHouse
2008-02-01 10:29 --------- d-----w C:\Program Files\Lavasoft
2008-02-01 10:26 --------- d-----w C:\Documents and Settings\caryl\Application Data\Lavasoft
2008-01-31 18:02 --------- d-----w C:\Documents and Settings\caryl\Application Data\HP
2008-01-31 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-31 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-31 13:05 --------- d-----w C:\Program Files\HP
2008-01-31 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-31 13:04 --------- d-----w C:\Documents and Settings\caryl\Application Data\HPAppData
2008-01-31 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-31 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-31 13:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-31 13:01 --------- d-----w C:\Program Files\Common Files\HP
2008-01-31 13:00 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2006-07-12 10:29 56 --sh--r C:\WINDOWS\system32\02BD63BE89.sys
2006-07-12 10:35 88 --sh--r C:\WINDOWS\system32\9E7333B588.sys
2006-07-13 14:54 5,434 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-09 12:51 243072]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-26 18:30 26112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Motive SmartBridge"="C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2006-07-04 09:07 651264]
"xitami"="C:\xitami\xigui32.exe" [2006-06-01 21:25 536576]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-27 12:43 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 23:15 600896]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"fwenc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe" [2002-08-07 12:51 2421248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-03-14 22:16 15360]
"Spyware Doctor"="" []

C:\Documents and Settings\oliver\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-09-30 09:38:54 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2008-01-27 05:38 316728 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\xitami\\xigui32.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\fwenc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"113:TCP"= 113:TCP:TCP-TRAFFIC

R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\ZDCNDIS5.sys [2006-06-20 10:57]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2002-08-18 14:59]
S1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys []
S1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-02-10 15:10]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2006-06-20 10:57]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 12:53]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-05-15 13:49]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-05-15 13:49]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-05-15 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 06:53:04 C:\WINDOWS\Tasks\APSSchedule.job"
- c:\php\php.exe'C:\xitami\webpages\APS\APSSchedule.php
"2008-03-15 20:00:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-12 12:02:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 20:00:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BridgeMP]
"ImagePath"="1"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-15 20:04:02 - machine was rebooted [caryl]
ComboFix-quarantined-files.txt 2008-03-15 20:03:59
ComboFix2.txt 2006-11-28 20:48:08
.
2008-02-13 17:07:18 --- E O F ---

#7
kahdah

Posted 15 March 2008 - 02:29 PM

GeekU Teacher

Retired Staff
15,822 posts

Checkpoint is legit and yes that was fine about the hosts file.
=======================================
Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\oliver\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
====================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Edited by kahdah, 15 March 2008 - 02:33 PM.

#8
Lilz

Posted 15 March 2008 - 02:38 PM

Member

Topic Starter
Member
55 posts

I am SOOOOOO grateful - I was able to download Hijackthis! Unbelievable! I haven't been able to run or install any "tools" all week! You are such a TOP man! Enough rambling but I am so excited and grateful! IE seems to be running really fast again too! Sorry - rambling agian!

Here is the Hijack file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:18, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\xitami\xigui32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...&...&channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [xitami] C:\xitami\xigui32.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fwenc.exe] "C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1164667977908
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164667972127
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{88C916FB-2BBB-45E4-BDC1-42B27D7DB4FB}: NameServer = 212.135.1.36
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7409 bytes

#9
kahdah

Posted 15 March 2008 - 02:44 PM

GeekU Teacher

Retired Staff
15,822 posts

You are welcome it is actually the maker of Combofix you should thank as I am only a helper.
But thanks anyway

====================
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

Now click on Fix Checked and then close Hijackthis.
====================================
Go ahead and install the following antivirus.
This is free.
AVG free
=============================
Then Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#10
Lilz

Posted 15 March 2008 - 02:47 PM

Member

Topic Starter
Member
55 posts

OT Move it result:

C:\sqmnoopt02.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\WINDOWS\system32\drivers\down moved successfully.
C:\Documents and Settings\oliver\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03152008_204248

The rest to follow

#11
Lilz

Posted 15 March 2008 - 04:24 PM

Member

Topic Starter
Member
55 posts

Hi - just finished the Kaspersky scan - it found 11 viruses and 87 infected files

The file is saved as a text doc but is so big it will never fit on here!

What should I do?

I am just going to do the Hijack edit thing and try and install AVG - I'll wait to hear from you.

Thanks

#12
kahdah

Posted 15 March 2008 - 04:31 PM

GeekU Teacher

Retired Staff
15,822 posts

Try to e-mail the kaspersky scan to me at kahdah at aol.com replace at with @

#13
Lilz

Posted 15 March 2008 - 04:42 PM

Member

Topic Starter
Member
55 posts

Will email it to you - thanks for that. I did the Highjack thing - no problems.

I have now downloaded and installed AVG - so good to be able to do that!

I am running a scan now.

#14
kahdah

Posted 15 March 2008 - 04:59 PM

GeekU Teacher

Retired Staff
15,822 posts

Hold off on that scan please with AVG.

I would like for you to submit some files for me to analyze.

Click Here
and submit these 2 files for me please.
C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe
C:\script.vbs

thank you.
We will continue after you have done that .