
Computer Will Not let me run HiJackThis [RESOLVED]



#16
wadeb_21

I'm looking for the Notepad file right now. Did you want me to run the combo fix in normal mode?


#17
wadeb_21

Ok here is the notepad file I was looking for. Hope this helps.


#18
RatHat


    Ex Malware Expert

Yes please run Combofix in normal mode, then post me the log it produces. Also, please copy the log and paste it into your reply instead of attaching it. This makes it much easier for me to read and research.

#19
wadeb_21

Below is the Combofix log.

ComboFix 08-04-14.2 - jesse wool 2008-04-15 15:39:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT -4:00]
Running from: C:\Documents and Settings\jesse wool\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ADMIN\Application Data\wsnpoem
C:\Documents and Settings\ADMIN\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\ADMIN\Application Data\wsnpoem\video.dll
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Anti-Virus-Pro.com
C:\Documents and Settings\jesse wool\Application Data\Starware316
C:\Documents and Settings\jesse wool\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Tem144.tmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\Tem22B.tmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\Tem5DF.tmp
C:\Documents and Settings\jesse wool\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\jesse wool\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\jesse wool\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\AntiVirusPro
C:\Program Files\cjb
C:\Program Files\ecurit~1
C:\Program Files\ecurit~1\?ecurity\
C:\Program Files\ecurit~1\smss .exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\syscleaner.bmp
C:\Program Files\iSecurity\syscleanerinstalled.bmp
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefenderinstalled.bmp
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixerinstalled.bmp
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSUninst.exe
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\
C:\Program Files\Starware316
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\conf.inf
C:\WINDOWS\desktop.html
C:\WINDOWS\fnts~1
C:\WINDOWS\Installer\{d1f822ca-1c3a-4a6d-a27b-5e6efe4fb1c9}\KernelPrx.dll
C:\WINDOWS\ky.sxc
C:\WINDOWS\mscon.sio
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\ssqomnm.dll
C:\WINDOWS\system32\ucifuqwh.dll
C:\WINDOWS\winself.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf
-------\Service_ICF
-------\Legacy_mssysinterv1
-------\mssysinterv1


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 15:43 . 2008-04-15 15:43 <DIR> d-------- C:\Temp\tn3
2008-04-15 15:05 . 2008-04-15 11:39 <DIR> d-------- C:\SDFix
2008-04-15 14:06 . 2008-04-15 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-15 14:00 . 2008-04-15 14:00 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\AVG7
2008-04-15 13:53 . 2006-10-04 10:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-15 13:53 . 2006-10-04 10:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-15 13:53 . 2006-10-04 10:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-15 13:32 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-15 13:32 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-15 13:32 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-15 13:32 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-15 13:32 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-15 13:32 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-15 13:32 . 2008-04-15 13:32 114,688 --a------ C:\WINDOWS\system32\dahwhixe.exe
2008-04-15 13:32 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-15 13:32 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-15 13:32 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-15 13:18 . 2008-04-15 13:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-15 13:17 . 2008-02-20 01:32 45,568 -----c--- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-04-15 13:14 . 2007-07-12 19:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-04-15 13:14 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-15 12:38 . 2008-04-15 12:38 <DIR> d-------- C:\Deckard
2008-04-15 10:55 . 2008-04-15 14:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 10:55 . 2008-04-15 10:55 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\SUPERAntiSpyware.com
2008-04-15 10:55 . 2008-04-15 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 09:17 . 2008-04-15 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-15 08:26 . 2008-04-15 08:27 <DIR> d-------- C:\WINDOWS\system32\spool
2008-04-14 17:07 . 2008-04-14 17:07 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\TmpRecentIcons
2008-04-14 16:38 . 2008-04-14 16:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-14 15:59 . 2002-04-15 22:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-14 15:59 . 2007-08-13 18:06 56,700 --a------ C:\WINDOWS\system32\ieuinit.inf
2008-04-14 15:59 . 2004-08-02 15:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-04-14 15:59 . 2004-08-02 15:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-04-14 15:24 . 2008-04-15 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wdkbqdwn
2008-04-14 14:26 . 2008-04-14 14:26 <DIR> d--hs---- C:\Documents and Settings\ADMIN\UserData
2008-04-14 14:20 . 2005-09-26 15:50 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Jasc Software Inc
2008-04-14 14:20 . 2005-09-26 15:35 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Intel
2008-04-14 14:20 . 2005-09-26 15:59 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Gtek
2008-04-14 14:20 . 2008-04-15 10:53 <DIR> d-------- C:\Documents and Settings\ADMIN
2008-04-14 14:16 . 2008-04-14 14:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-14 14:15 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-14 14:15 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-14 13:47 . 2008-04-15 09:13 414 --ahs---- C:\WINDOWS\system32\oathjtgu.ini
2008-04-14 13:22 . 2008-04-14 13:22 294 --ahs---- C:\WINDOWS\system32\tuskgnle.ini
2008-04-14 12:22 . 2007-07-30 20:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-14 12:04 . 2008-04-14 12:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 11:31 . 2008-04-15 10:53 <DIR> d-------- C:\Program Files\IE Extensions
2008-04-14 11:30 . 2008-04-15 10:54 <DIR> d-------- C:\WINDOWS\system32\403445
2008-04-14 11:30 . 2008-04-14 11:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 11:29 . 2008-04-14 11:29 61,952 --a------ C:\icjamlp.exe
2008-04-14 11:29 . 2008-04-14 11:29 55,808 --a------ C:\WINDOWS\winsysxz.exe
2008-04-14 11:29 . 2008-04-14 11:29 55,218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-14 11:29 . 2008-04-14 11:29 35,336 --a------ C:\WINDOWS\antispl.exe
2008-04-14 11:29 . 2008-04-14 11:29 2 --a------ C:\1020091134
2008-04-14 11:08 . 2008-04-15 15:43 <DIR> d-------- C:\WINDOWS\system32\4847
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-04-14 11:01 . 2004-08-04 02:04 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-04-14 10:59 . 2003-07-16 12:17 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-14 10:58 . 2003-07-16 12:16 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-14 10:57 . 2001-08-17 23:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-04-14 10:49 . 2003-02-14 18:22 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-04-14 10:45 . 2008-04-14 10:45 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-04-14 10:45 . 2008-04-14 10:45 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-04-14 10:44 . 2008-04-14 10:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-14 10:42 . 2007-08-21 02:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-04-14 10:40 . 2006-11-13 02:02 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2008-04-14 10:38 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-04-14 10:38 . 2006-06-14 04:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-14 09:57 . 2004-08-04 01:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 09:54 . 2004-08-04 03:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-14 09:54 . 2004-08-04 03:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-04-14 09:53 . 2004-08-04 02:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-14 09:53 . 2004-08-04 04:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-04-10 15:47 . 2008-04-10 15:47 <DIR> d-------- C:\WINDOWS\system32\3541
2008-04-10 15:46 . 2008-04-10 15:46 1,086,376 --a------ C:\Documents and Settings\jesse wool\Application Data\Install.dat
2008-04-10 15:46 . 2008-04-10 15:46 55,218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-10 15:46 . 2008-04-10 15:46 25,088 --a------ C:\WINDOWS\gavurjjf.exe
2008-04-10 15:46 . 2008-04-10 15:46 25,088 --a------ C:\gavurjjf.exe
2008-04-10 15:44 . 2008-04-10 15:44 29 --a------ C:\WINDOWS\system32\yeqfhoai.tmp
2008-04-10 15:43 . 2008-04-15 07:33 31 --a------ C:\smp.bat
2008-04-10 12:33 . 2008-04-10 12:33 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\Viewpoint
2008-03-28 12:44 . 2008-03-28 12:44 <DIR> d-------- C:\Program Files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 17:38 167,545 ------w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-15 14:54 --------- d-----w C:\Program Files\QuickTime
2008-04-15 14:53 --------- d-----w C:\Program Files\iTunes
2008-04-15 14:53 --------- d-----w C:\Program Files\Dell Support
2008-04-15 13:52 --------- d-----w C:\Documents and Settings\jesse wool\Application Data\AVG7
2008-04-15 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-14 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-14 15:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 16:56 --------- d-----w C:\Documents and Settings\jesse wool\Application Data\Apple Computer
2008-03-26 14:25 --------- d-----w C:\Program Files\WB06D2SE
2008-02-23 15:18 513 ----a-w C:\logfile.dat
2008-02-23 15:00 --------- d-----w C:\Program Files\DIFX
2008-02-23 14:58 --------- d-----w C:\Program Files\LeapFrog
2008-02-23 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-02-20 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
.
<pre>
----a-w		   155,648 2007-12-23 16:45:45  C:\Program Files\Apoint\Apoint .exe
----a-w			81,920 2007-12-23 16:46:20  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2007-12-23 16:46:16  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			50,688 2007-12-23 16:46:34  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w		   290,816 2007-12-23 16:45:55  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w			68,856 2007-12-23 16:46:55  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   579,072 2007-12-23 16:46:37  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   385,024 2007-12-23 16:45:51  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   267,048 2008-04-15 13:12:56  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   669,000 2008-04-15 13:13:03  C:\Program Files\LeapFrog\FlyWorld\bin\FlyMonitor .exe
----a-w		 5,674,352 2007-12-23 16:47:15  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		 8,699,904 2008-04-14 16:37:35  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w		   122,959 2007-12-23 16:46:30  C:\Program Files\Novatel Wireless\SprintPort\SprintPortA .exe
----a-w		   385,024 2008-04-15 13:13:02  C:\Program Files\QuickTime\qttask .exe
----a-w		   158,208 2008-04-15 13:13:27  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-04-15 13:13:36  C:\WINDOWS\system32\ctfmon .exe
----a-w		   127,035 2007-12-23 16:46:04  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-15 14:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 13:08 579584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-20 16:34 6725632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"jdgf894jrghoiiskd"="C:\WINDOWS\TEMP\winlogan.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-15 09:17 219136]

C:\Documents and Settings\jesse wool\Start Menu\Programs\Startup\
Wireless Connection Manager Update.lnk - C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe [2005-10-30 14:20:20 168349]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-26 15:38:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cKHI1O14Xz"= C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
"3RDhGzmOOi"= C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-15 14:03 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkhe]
awtqnkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]
efccbba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiji]
mljhiji.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drivesystem]
C:\WINDOWS\System32\maxpaynowti1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 09:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-09-14 09:50 131072 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myspaceim]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
--a------ 2005-06-20 16:34 6725632 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-06-20 16:34 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-15 09:13 385024 C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-26 15:53 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.1.0hs\\server.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.1.0hs\\admin.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 nwlnknbb;nwlnknbb;C:\WINDOWS\system32\drivers\nwlnknbb.sys [2008-01-30 11:03]
R2 plugplayrpc;Plug and Play (RPC);C:\WINDOWS\winsysxz.exe service []
R2 SprintPort;SprintPort Serial Driver;C:\Program Files\Novatel Wireless\SprintPort\WINPORT.SYS [2002-05-07 17:35]
S1 SocketQuadSerial;Novatel Wireless CDMA 1.9GHz Modem driver;C:\WINDOWS\system32\DRIVERS\nvtlg2k.sys [2001-10-26 13:13]
S2 SMS_v3_1_0;SMS_v3_1_0;"C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe" -s "C:\Program Files\Rosetta Stone\SMS v3.1.0hs\service\wrapper.conf" []
S3 FlyUsb;FLY Fusion;C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2007-09-05 16:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 23:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-01-26 11:59:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1161214978.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 15:43:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\Sdb18.sys 167936 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sdb18]

.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\winsysxz.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-15 15:49:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 19:49:31

Pre-Run: 59,150,639,104 bytes free
Post-Run: 59,054,768,128 bytes free
.
2008-04-15 08:39:35 --- E O F ---

#20
RatHat


    Ex Malware Expert

Good :), please run MBAM while I go through this log.

#21
wadeb_21

Below is my MBAM log. Thanks again RatHat

Malwarebytes' Anti-Malware 1.11
Database version: 633

Scan type: Quick Scan
Objects scanned: 32719
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 45
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41b15c1c-2c15-49e4-b6a4-c940f885290e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\403445 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\IE Extensions (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\icjamlp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\zeqbqwp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\qaszpurn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\jesse wool\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#22
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\oathjtgu.ini
C:\WINDOWS\system32\tuskgnle.ini
C:\icjamlp.exe
C:\WINDOWS\winsysxz.exe
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\antispl.exe
C:\WINDOWS\system32\xpsp1hfm.exe
C:\WINDOWS\zeqbqwp.sys
C:\WINDOWS\gavurjjf.exe
C:\gavurjjf.exe
C:\WINDOWS\system32\yeqfhoai.tmp
C:\smp.bat
C:\WINDOWS\System32\maxpaynowti1.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\drivers\nwlnknbb.sys

Folder::
C:\Documents and Settings\jesse wool\Application Data\Viewpoint

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jdgf894jrghoiiskd"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cKHI1O14Xz"=-
"3RDhGzmOOi"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkhe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiji]

RENV::
----a-w		   155,648 2007-12-23 16:45:45  C:\Program Files\Apoint\Apoint .exe
----a-w			81,920 2007-12-23 16:46:20  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2007-12-23 16:46:16  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			50,688 2007-12-23 16:46:34  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w		   290,816 2007-12-23 16:45:55  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w			68,856 2007-12-23 16:46:55  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   579,072 2007-12-23 16:46:37  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   385,024 2007-12-23 16:45:51  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   267,048 2008-04-15 13:12:56  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   669,000 2008-04-15 13:13:03  C:\Program Files\LeapFrog\FlyWorld\bin\FlyMonitor .exe
----a-w		 5,674,352 2007-12-23 16:47:15  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		 8,699,904 2008-04-14 16:37:35  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w		   122,959 2007-12-23 16:46:30  C:\Program Files\Novatel Wireless\SprintPort\SprintPortA .exe
----a-w		   385,024 2008-04-15 13:13:02  C:\Program Files\QuickTime\qttask .exe
----a-w		   158,208 2008-04-15 13:13:27  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-04-15 13:13:36  C:\WINDOWS\system32\ctfmon .exe
----a-w		   127,035 2007-12-23 16:46:04  C:\WINDOWS\system32\dla\tfswctrl .exe

FileLook::
C:\1020091134

DirLook::
C:\WINDOWS\system32\4847
C:\WINDOWS\system32\3541
C:\Program Files\WB06D2SE

Suspect::
C:\WINDOWS\system32\drivers\Sdb18.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. Additionally, ComboFix will generate the following files on your desktop:
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

6. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

7. If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

8. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
9. Once the file has been submitted, please DELETE both files on your desktop.

10. Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DSS log (run after ComboFix has finished its work.)

  • 0
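An added example (not part of RatHat's post and not ComboFix code): a small pre-flight check for a CFScript.txt like the one above, flagging a registry key header with a missing bracket, relative or duplicated paths, and value lines with no open key. The directive list is taken only from this post, and the sample script with its file and key names is a constructed placeholder.

```python
import re

# Directives used in the script posted above. ComboFix may accept others;
# flagging anything else as unknown is an assumption of this example.
KNOWN_DIRECTIVES = {"File", "Folder", "Registry", "RENV",
                    "FileLook", "DirLook", "Suspect"}
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
TRAILING_PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
REG_KEY_RE = re.compile(r"^\[(-?)([A-Za-z_]+)\\(.+)\]$")   # [key] or [-key]
REG_VALUE_RE = re.compile(r'^(?:"[^"]+"|@)=.+$')           # "name"=data or "name"=-


def _lint_registry(line, lineno, key_open, findings):
    """Check one line of the Registry:: section; return the new key_open state."""
    looks_like_key = (line.startswith("[") or line.endswith("]")
                      or line.upper().startswith("HKEY_"))
    if looks_like_key:
        m = REG_KEY_RE.match(line)
        if not m:
            findings.append((lineno, "malformed key header (unbalanced brackets?)"))
            return True  # treat as opened so one defect yields one finding
        if m.group(2).upper() not in HIVES:
            findings.append((lineno, "unknown registry hive " + m.group(2)))
        return m.group(1) != "-"  # [-key] deletes the key, so no values follow
    if REG_VALUE_RE.match(line):
        if not key_open:
            findings.append((lineno, "value line with no open [key] header"))
        return key_open
    findings.append((lineno, "unrecognised line in Registry:: section"))
    return key_open


def lint_cfscript(text):
    """Return a list of (line_number, message) findings for a CFScript text."""
    findings = []
    section = None      # directive currently in effect
    key_open = False    # inside a [key] block of the Registry:: section
    seen = set()        # lower-cased paths already listed in this section
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            section, key_open, seen = m.group(1), False, set()
            if section not in KNOWN_DIRECTIVES:
                findings.append((lineno, "unknown directive " + section + "::"))
            continue
        if section is None:
            findings.append((lineno, "content before the first directive"))
        elif section == "Registry":
            key_open = _lint_registry(line, lineno, key_open, findings)
        elif section == "RENV":
            # RENV lines are pasted from the log; only the trailing path is checked.
            if not TRAILING_PATH_RE.search(line):
                findings.append((lineno, "RENV line does not end in an absolute path"))
        elif not ABS_PATH_RE.match(line):
            findings.append((lineno, "not an absolute drive path"))
        elif line.lower() in seen:  # Windows paths are case-insensitive
            findings.append((lineno, "duplicate path in this section"))
        else:
            seen.add(line.lower())
    return findings


# Constructed sample: every file, value and key name below is a placeholder.
SAMPLE = r'''File::
C:\WINDOWS\system32\example-a.tmp
C:\windows\system32\EXAMPLE-A.tmp
WINDOWS\example-b.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"example-value-1"=-

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"example-value-2"=-

[-HKEY_LOCAL_MACHINE\software\example\notify\example-key]

DirLook::
C:\Program Files\ExampleDir
'''

if __name__ == "__main__":
    for lineno, message in lint_cfscript(SAMPLE):
        print("line %d: %s" % (lineno, message))
```
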

#23
wadeb_21

    Member

  • Topic Starter
  • Member
  • 387 posts
RatHat, I'm in the process of getting the last two logs you requested. I had to leave rather quickly yesterday so I wasn't able to finish. I will have the logs posted shortly. Thanks again.
  • 0

#24
wadeb_21

    Member

  • Topic Starter
  • Member
  • 387 posts
RatHat, below is the Combofix.txt log. My next post will have the new DSS log.

ComboFix 08-04-14.2 - jesse wool 2008-04-16 7:39:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631 [GMT -4:00]
Running from: C:\Documents and Settings\jesse wool\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jesse wool\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\gavurjjf.exe
C:\icjamlp.exe
C:\smp.bat
C:\WINDOWS\antispl.exe
C:\WINDOWS\gavurjjf.exe
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\system32\drivers\nwlnknbb.sys
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\System32\maxpaynowti1.exe
C:\WINDOWS\system32\oathjtgu.ini
C:\WINDOWS\system32\tuskgnle.ini
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\xpsp1hfm.exe
C:\WINDOWS\system32\yeqfhoai.tmp
C:\WINDOWS\winsysxz.exe
C:\WINDOWS\zeqbqwp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jesse wool\Application Data\Viewpoint
C:\Documents and Settings\jesse wool\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\jesse wool\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\jesse wool\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\jesse wool\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\jesse wool\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\gavurjjf.exe
C:\smp.bat
C:\temp\tn3
C:\WINDOWS\antispl.exe
C:\WINDOWS\gavurjjf.exe
C:\WINDOWS\system32\drivers\nwlnknbb.sys
C:\WINDOWS\system32\oathjtgu.ini
C:\WINDOWS\system32\tuskgnle.ini
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\xpsp1hfm.exe
C:\WINDOWS\system32\yeqfhoai.tmp
C:\WINDOWS\winsysxz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nwlnknbb
-------\Legacy_plugplayrpc
-------\nwlnknbb
-------\plugplayrpc


((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 09:00 . 2008-04-16 09:00 29 --a------ C:\WINDOWS\system32\qyioahfe.tmp
2008-04-15 15:59 . 2008-04-15 15:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 15:59 . 2008-04-15 15:59 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\Malwarebytes
2008-04-15 15:59 . 2008-04-15 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 15:05 . 2008-04-15 11:39 <DIR> d-------- C:\SDFix
2008-04-15 14:06 . 2008-04-15 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-15 14:00 . 2008-04-15 14:00 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\AVG7
2008-04-15 13:53 . 2006-10-04 10:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-15 13:53 . 2006-10-04 10:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-15 13:53 . 2006-10-04 10:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-15 13:32 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-15 13:32 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-15 13:32 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-15 13:32 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-15 13:32 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-15 13:32 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-15 13:32 . 2008-04-15 13:32 114,688 --a------ C:\WINDOWS\system32\dahwhixe.exe
2008-04-15 13:32 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-15 13:32 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-15 13:32 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-15 13:18 . 2008-04-15 13:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-15 13:17 . 2008-02-20 01:32 45,568 -----c--- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-04-15 13:14 . 2007-07-12 19:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-04-15 13:14 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-15 12:38 . 2008-04-15 12:38 <DIR> d-------- C:\Deckard
2008-04-15 10:55 . 2008-04-15 14:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 10:55 . 2008-04-15 10:55 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\SUPERAntiSpyware.com
2008-04-15 10:55 . 2008-04-15 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 09:17 . 2008-04-15 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-15 09:13 . 2008-04-15 09:13 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-04-15 08:26 . 2008-04-15 08:27 <DIR> d-------- C:\WINDOWS\system32\spool
2008-04-14 17:07 . 2008-04-14 17:07 <DIR> d-------- C:\Documents and Settings\jesse wool\Application Data\TmpRecentIcons
2008-04-14 16:38 . 2008-04-14 16:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-14 15:59 . 2002-04-15 22:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-14 15:59 . 2007-08-13 18:06 56,700 --a------ C:\WINDOWS\system32\ieuinit.inf
2008-04-14 15:59 . 2004-08-02 15:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-04-14 15:59 . 2004-08-02 15:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-04-14 15:24 . 2008-04-15 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wdkbqdwn
2008-04-14 14:26 . 2008-04-14 14:26 <DIR> d--hs---- C:\Documents and Settings\ADMIN\UserData
2008-04-14 14:20 . 2005-09-26 15:50 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Jasc Software Inc
2008-04-14 14:20 . 2005-09-26 15:35 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Intel
2008-04-14 14:20 . 2005-09-26 15:59 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Gtek
2008-04-14 14:20 . 2008-04-15 10:53 <DIR> d-------- C:\Documents and Settings\ADMIN
2008-04-14 14:16 . 2008-04-14 14:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-14 14:15 . 2004-08-04 03:56 351,232 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-04-14 14:15 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-14 12:22 . 2007-07-30 20:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-14 12:04 . 2008-04-14 12:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 11:30 . 2008-04-14 11:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 11:29 . 2008-04-14 11:29 2 --a------ C:\1020091134
2008-04-14 11:08 . 2008-04-15 16:18 <DIR> d-------- C:\WINDOWS\system32\4847
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-04-14 11:01 . 2004-08-04 02:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-04-14 11:01 . 2004-08-04 02:04 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-04-14 10:59 . 2003-07-16 12:17 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-14 10:58 . 2003-07-16 12:16 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-14 10:57 . 2001-08-17 23:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-04-14 10:45 . 2008-04-14 10:45 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-04-14 10:45 . 2008-04-14 10:45 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-04-14 10:44 . 2008-04-14 10:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-14 10:42 . 2007-08-21 02:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-04-14 10:40 . 2006-11-13 02:02 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2008-04-14 10:38 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-04-14 10:38 . 2006-06-14 04:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-14 09:57 . 2004-08-04 01:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 09:54 . 2004-08-04 03:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-14 09:54 . 2004-08-04 03:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-04-14 09:53 . 2004-08-04 02:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-14 09:53 . 2004-08-04 04:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-04-10 15:47 . 2008-04-10 15:47 <DIR> d-------- C:\WINDOWS\system32\3541
2008-03-28 12:44 . 2008-03-28 12:44 <DIR> d-------- C:\Program Files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 13:05 --------- d-----w C:\Documents and Settings\jesse wool\Application Data\AVG7
2008-04-16 11:39 --------- d-----w C:\Program Files\QuickTime
2008-04-16 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-04-16 11:39 --------- d-----w C:\Program Files\iTunes
2008-04-16 11:39 --------- d-----w C:\Program Files\Apoint
2008-04-15 14:53 --------- d-----w C:\Program Files\Dell Support
2008-04-15 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-14 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-14 15:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 16:56 --------- d-----w C:\Documents and Settings\jesse wool\Application Data\Apple Computer
2008-03-26 14:25 --------- d-----w C:\Program Files\WB06D2SE
2008-02-23 15:18 513 ----a-w C:\logfile.dat
2008-02-23 15:00 --------- d-----w C:\Program Files\DIFX
2008-02-23 14:58 --------- d-----w C:\Program Files\LeapFrog
2008-02-23 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-02-20 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

- Not a PE file.

---- Directory of C:\Program Files\WB06D2SE ----

2004-09-16 20:49 97624 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008225.m4a
2004-09-16 20:49 95438 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008217.m4a
2004-09-16 20:49 90725 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008221.m4a
2004-09-16 20:49 90020 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008223.m4a
2004-09-16 20:49 89864 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008227.m4a
2004-09-16 20:49 86938 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008219.m4a
2004-09-16 20:49 84665 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008220.m4a
2004-09-16 20:49 75193 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008222.m4a
2004-09-16 20:49 70668 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008218.m4a
2004-09-16 20:49 68824 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008226.m4a
2004-09-16 20:49 68409 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008216.m4a
2004-09-16 20:49 61075 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008228.m4a
2004-09-16 20:48 96427 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008209.m4a
2004-09-16 20:48 90834 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008212.m4a
2004-09-16 20:48 84551 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008210.m4a
2004-09-16 20:48 78483 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008208.m4a
2004-09-16 20:48 78407 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008214.m4a
2004-09-16 20:48 72339 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008207.m4a
2004-09-16 20:48 66098 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008213.m4a
2004-09-16 20:48 61600 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008211.m4a
2004-09-16 20:47 95447 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008205.m4a
2004-09-16 20:47 87721 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008203.m4a
2004-09-16 20:47 80935 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008206.m4a
2004-09-16 20:47 78556 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008200.m4a
2004-09-16 20:47 60655 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008201.m4a
2004-09-16 20:47 57779 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008202.m4a
2004-09-16 20:47 109480 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008204.m4a
2004-09-16 20:42 632882 --a------ C:\Program Files\WB06D2SE\info_dat\sound\au008565.m4a
2004-09-16 20:41 338825 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008556.m4a
2004-09-16 20:41 254658 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008562.m4a
2004-09-16 20:41 177152 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008559.m4a
2004-09-16 20:41 145983 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008558.m4a
2004-09-16 20:41 138077 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008561.m4a
2004-09-16 20:41 125823 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008560.m4a
2004-09-16 20:40 439134 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008555.m4a
2004-09-16 20:40 345349 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008553.m4a
2004-09-16 20:40 195443 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008554.m4a
2004-09-16 20:39 687255 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008551.m4a
2004-09-16 20:39 429897 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008552.m4a
2004-09-16 20:39 355999 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008549.m4a
2004-09-16 20:39 127097 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008550.m4a
2004-09-16 20:38 42667 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008542.m4a
2004-09-16 20:38 35700 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008545.m4a
2004-09-16 20:38 317373 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008547.m4a
2004-09-16 20:38 301479 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008548.m4a
2004-09-16 20:38 27000 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008543.m4a
2004-09-16 20:38 168380 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008544.m4a
2004-09-16 20:38 166038 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008546.m4a
2004-09-16 20:37 583430 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008537.m4a
2004-09-16 20:37 422510 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008541.m4a
2004-09-16 20:37 325445 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008538.m4a
2004-09-16 20:37 155318 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008539.m4a
2004-09-16 20:36 412735 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008535.m4a
2004-09-16 20:36 406209 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008533.m4a
2004-09-16 20:36 389430 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008536.m4a
2004-09-16 20:36 386383 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008534.m4a
2004-09-16 20:35 51405 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008520.m4a
2004-09-16 20:35 48087 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008521.m4a
2004-09-16 20:35 44925 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008530.m4a
2004-09-16 20:35 44698 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008523.m4a
2004-09-16 20:35 37982 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008531.m4a
2004-09-16 20:35 30967 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008522.m4a
2004-09-16 20:35 203319 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008532.m4a
2004-09-16 20:35 151278 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008529.m4a
2004-09-16 20:35 144045 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008519.m4a
2004-09-16 20:34 97514 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008506.m4a
2004-09-16 20:34 94711 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008504.m4a
2004-09-16 20:34 85553 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008500.m4a
2004-09-16 20:34 63022 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008501.m4a
2004-09-16 20:34 59546 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008503.m4a
2004-09-16 20:34 51966 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008508.m4a
2004-09-16 20:34 38376 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008516.m4a
2004-09-16 20:34 35712 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008507.m4a
2004-09-16 20:34 31606 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008502.m4a
2004-09-16 20:34 205624 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008514.m4a
2004-09-16 20:34 198175 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008517.m4a
2004-09-16 20:31 74302 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008496.m4a
2004-09-16 20:31 62768 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008498.m4a
2004-09-16 20:31 49542 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008499.m4a
2004-09-16 20:31 191428 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008489.m4a
2004-09-16 20:31 191093 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008497.m4a
2004-09-16 20:30 98067 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008474.m4a
2004-09-16 20:30 71104 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008477.m4a
2004-09-16 20:30 56438 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008476.m4a
2004-09-16 20:30 51961 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008480.m4a
2004-09-16 20:30 49379 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008488.m4a
2004-09-16 20:30 48416 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008481.m4a
2004-09-16 20:30 44803 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008475.m4a
2004-09-16 20:30 43685 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008473.m4a
2004-09-16 20:30 38041 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008478.m4a
2004-09-16 20:30 28688 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008482.m4a
2004-09-16 20:30 185225 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008479.m4a
2004-09-16 20:30 172876 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008483.m4a
2004-09-16 20:29 59974 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008470.m4a
2004-09-16 20:29 59891 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008438.m4a
2004-09-16 20:29 58196 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008472.m4a
2004-09-16 20:29 55733 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008436.m4a
2004-09-16 20:29 53069 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008437.m4a
2004-09-16 20:29 50161 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008471.m4a
2004-09-16 20:29 38269 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008463.m4a
2004-09-16 20:29 31999 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008445.m4a
2004-09-16 20:29 213604 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008465.m4a
2004-09-16 20:29 147784 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008468.m4a
2004-09-16 20:29 134139 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008466.m4a
2004-09-16 20:29 110572 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008467.m4a
2004-09-16 20:28 92356 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008428.m4a
2004-09-16 20:28 66798 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008431.m4a
2004-09-16 20:28 65882 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008418.m4a
2004-09-16 20:28 45282 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008426.m4a
2004-09-16 20:28 43821 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008432.m4a
2004-09-16 20:28 42749 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008424.m4a
2004-09-16 20:28 41926 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008420.m4a
2004-09-16 20:28 38978 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008422.m4a
2004-09-16 20:28 38113 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008421.m4a
2004-09-16 20:28 37984 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008433.m4a
2004-09-16 20:28 37325 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008425.m4a
2004-09-16 20:28 35541 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008434.m4a
2004-09-16 20:28 30853 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008430.m4a
2004-09-16 20:28 29621 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008429.m4a
2004-09-16 20:28 28829 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008423.m4a
2004-09-16 20:28 28286 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008435.m4a
2004-09-16 20:28 14912 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008427.m4a
2004-09-16 20:27 86767 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008392.m4a
2004-09-16 20:27 81829 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008391.m4a
2004-09-16 20:27 7432 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008403.m4a
2004-09-16 20:27 63135 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008397.m4a
2004-09-16 20:27 60334 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008407.m4a
2004-09-16 20:27 55485 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008393.m4a
2004-09-16 20:27 50204 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008417.m4a
2004-09-16 20:27 47589 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008405.m4a
2004-09-16 20:27 40351 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008414.m4a
2004-09-16 20:27 37480 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008400.m4a
2004-09-16 20:27 36091 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008401.m4a
2004-09-16 20:27 33270 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008411.m4a
2004-09-16 20:27 31229 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008395.m4a
2004-09-16 20:27 28852 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008396.m4a
2004-09-16 20:27 22501 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008410.m4a
2004-09-16 20:27 16564 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008408.m4a
2004-09-16 20:27 15612 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008409.m4a
2004-09-16 20:27 15282 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008412.m4a
2004-09-16 20:27 12813 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008406.m4a
2004-09-16 20:27 11051 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008402.m4a
2004-09-16 20:27 100867 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008394.m4a
2004-09-16 20:26 99837 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008380.m4a
2004-09-16 20:26 97229 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008384.m4a
2004-09-16 20:26 95294 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008382.m4a
2004-09-16 20:26 94538 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008379.m4a
2004-09-16 20:26 93969 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008390.m4a
2004-09-16 20:26 93028 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008388.m4a
2004-09-16 20:26 92551 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008385.m4a
2004-09-16 20:26 91738 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008386.m4a
2004-09-16 20:26 91407 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008381.m4a
2004-09-16 20:26 88247 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008378.m4a
2004-09-16 20:26 81834 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008383.m4a
2004-09-16 20:26 81362 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008389.m4a
2004-09-16 20:26 81304 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008387.m4a
2004-09-16 20:25 93086 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008372.m4a
2004-09-16 20:25 92543 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008368.m4a
2004-09-16 20:25 91000 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008377.m4a
2004-09-16 20:25 89932 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008371.m4a
2004-09-16 20:25 80293 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008366.m4a
2004-09-16 20:25 76333 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008369.m4a
2004-09-16 20:25 124489 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008374.m4a
2004-09-16 20:25 122808 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008370.m4a
2004-09-16 20:25 120431 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008373.m4a
2004-09-16 20:25 109597 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008375.m4a
2004-09-16 20:25 108564 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008376.m4a
2004-09-16 20:25 106702 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008365.m4a
2004-09-16 20:25 100934 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008367.m4a
2004-09-16 20:24 98336 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008357.m4a
2004-09-16 20:24 97696 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008358.m4a
2004-09-16 20:24 97290 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008351.m4a
2004-09-16 20:24 96450 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008362.m4a
2004-09-16 20:24 94331 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008356.m4a
2004-09-16 20:24 92894 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008355.m4a
2004-09-16 20:24 92159 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008361.m4a
2004-09-16 20:24 91913 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008353.m4a
2004-09-16 20:24 90837 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008360.m4a
2004-09-16 20:24 83812 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008359.m4a
2004-09-16 20:24 76331 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008350.m4a
2004-09-16 20:24 72322 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008354.m4a
2004-09-16 20:24 129523 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008364.m4a
2004-09-16 20:24 113925 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008352.m4a
2004-09-16 20:24 106345 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008363.m4a
2004-09-16 20:23 98274 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008348.m4a
2004-09-16 20:23 95519 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008336.m4a
2004-09-16 20:23 94285 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008347.m4a
2004-09-16 20:23 92612 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008342.m4a
2004-09-16 20:23 91531 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008343.m4a
2004-09-16 20:23 88212 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008337.m4a
2004-09-16 20:23 86869 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008335.m4a
2004-09-16 20:23 85305 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008349.m4a
2004-09-16 20:23 84054 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008340.m4a
2004-09-16 20:23 83723 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008339.m4a
2004-09-16 20:23 81688 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008346.m4a
2004-09-16 20:23 81583 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008341.m4a
2004-09-16 20:23 78480 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008334.m4a
2004-09-16 20:23 76722 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008345.m4a
2004-09-16 20:23 71271 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008344.m4a
2004-09-16 20:23 110744 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008338.m4a
2004-09-16 20:22 99715 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008322.m4a
2004-09-16 20:22 91030 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008329.m4a
2004-09-16 20:22 86713 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008330.m4a
2004-09-16 20:22 85530 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008332.m4a
2004-09-16 20:22 79306 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008333.m4a
2004-09-16 20:22 58508 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008331.m4a
2004-09-16 20:22 123969 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008327.m4a
2004-09-16 20:22 122986 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008323.m4a
2004-09-16 20:22 122327 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008328.m4a
2004-09-16 20:22 120024 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008325.m4a
2004-09-16 20:22 107488 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008324.m4a
2004-09-16 20:22 100661 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008326.m4a
2004-09-16 20:21 97951 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008316.m4a
2004-09-16 20:21 95784 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008310.m4a
2004-09-16 20:21 94865 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008314.m4a
2004-09-16 20:21 93270 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008313.m4a
2004-09-16 20:21 79434 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008319.m4a
2004-09-16 20:21 68599 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008321.m4a
2004-09-16 20:21 67384 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008318.m4a
2004-09-16 20:21 164335 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008311.m4a
2004-09-16 20:21 126939 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008312.m4a
2004-09-16 20:21 118223 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008309.m4a
2004-09-16 20:21 116536 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008320.m4a
2004-09-16 20:21 107661 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008315.m4a
2004-09-16 20:21 104455 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008317.m4a
2004-09-16 20:20 98678 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008308.m4a
2004-09-16 20:20 98650 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008301.m4a
2004-09-16 20:20 85465 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008305.m4a
2004-09-16 20:20 77236 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008302.m4a
2004-09-16 20:20 64734 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008304.m4a
2004-09-16 20:20 125891 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008307.m4a
2004-09-16 20:20 110718 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008303.m4a
2004-09-16 20:20 105690 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008300.m4a
2004-09-16 20:20 100047 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008306.m4a
2004-09-16 20:18 62473 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008199.m4a
2004-09-16 20:17 95420 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008198.m4a
2004-09-16 20:17 94856 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008194.m4a
2004-09-16 20:17 90856 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008189.m4a
2004-09-16 20:17 77743 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008196.m4a
2004-09-16 20:17 76956 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008192.m4a
2004-09-16 20:17 75315 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008190.m4a
2004-09-16 20:17 70052 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008193.m4a
2004-09-16 20:17 66175 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008191.m4a
2004-09-16 20:17 59966 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008195.m4a
2004-09-16 20:17 107093 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008197.m4a
2004-09-16 20:16 91015 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008187.m4a
2004-09-16 20:16 86349 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008179.m4a
2004-09-16 20:16 79231 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008181.m4a
2004-09-16 20:16 78604 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008178.m4a
2004-09-16 20:16 78461 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008186.m4a
2004-09-16 20:16 73808 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008184.m4a
2004-09-16 20:16 73082 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008180.m4a
2004-09-16 20:16 70784 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008185.m4a
2004-09-16 20:16 69146 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008188.m4a
2004-09-16 20:16 62060 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008182.m4a
2004-09-16 20:16 30393 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008183.m4a
2004-09-16 20:15 88960 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008170.m4a
2004-09-16 20:15 85418 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008176.m4a
2004-09-16 20:15 79229 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008175.m4a
2004-09-16 20:15 78518 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008171.m4a
2004-09-16 20:15 72433 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008172.m4a
2004-09-16 20:15 71500 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008177.m4a
2004-09-16 20:15 49752 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008174.m4a
2004-09-16 20:15 115959 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008166.m4a
2004-09-16 20:15 106783 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008169.m4a
2004-09-16 20:15 104156 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008168.m4a
2004-09-16 20:15 102245 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008167.m4a
2004-09-16 20:14 99692 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008160.m4a
2004-09-16 20:14 92910 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008157.m4a
2004-09-16 20:14 80547 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008164.m4a
2004-09-16 20:14 76015 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008158.m4a
2004-09-16 20:14 75507 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008163.m4a
2004-09-16 20:14 66935 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008156.m4a
2004-09-16 20:14 112506 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008165.m4a
2004-09-16 20:14 112025 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008162.m4a
2004-09-16 20:14 110573 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008161.m4a
2004-09-16 20:14 108622 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008159.m4a
2004-09-16 20:13 95241 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008149.m4a
2004-09-16 20:13 88844 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008145.m4a
2004-09-16 20:13 88501 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008147.m4a
2004-09-16 20:13 86704 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008155.m4a
2004-09-16 20:13 75437 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008152.m4a
2004-09-16 20:13 70765 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008151.m4a
2004-09-16 20:13 62092 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008154.m4a
2004-09-16 20:13 129920 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008150.m4a
2004-09-16 20:13 119054 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008144.m4a
2004-09-16 20:13 110996 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008153.m4a
2004-09-16 20:13 102268 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008146.m4a
2004-09-16 20:12 98768 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008142.m4a
2004-09-16 20:12 97506 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008131.m4a
2004-09-16 20:12 96896 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008134.m4a
2004-09-16 20:12 95751 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008136.m4a
2004-09-16 20:12 94401 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008137.m4a
2004-09-16 20:12 91622 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008139.m4a
2004-09-16 20:12 89983 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008130.m4a
2004-09-16 20:12 84391 --a------ C:\Program Files\WB06D2SE\info_dat\sound\AU008132.m4a
2004-09-16 20:12 82953 --a------ C:\Program Files\WB06D2SE\info_dat\soun
  • 0

#25
wadeb_21

    Member

  • Topic Starter
  • Member
  • 387 posts
RatHat, here is the new DSS log you wanted me to post.


Deckard's System Scanner v20071014.68
Run by jesse wool on 2008-04-16 09:16:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jesse wool.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:38 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jesse wool\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jesse wool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [cKHI1O14Xz] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKLM\..\Policies\Explorer\Run: [3RDhGzmOOi] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Wireless Connection Manager Update.lnk = C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...5.44/ttinst.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: VwuteM - {3CCD5AFF-9667-F055-8394-A32E67FCB051} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8344 bytes

-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-16 09:16:26 0 d-------- C:\Program Files\Trend Micro
2008-04-15 15:59:06 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Malwarebytes
2008-04-15 15:59:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 15:59:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 15:43:02 0 d-------- C:\WINDOWS\Prefetch
2008-04-15 15:38:55 68096 --a------ C:\WINDOWS\zip.exe
2008-04-15 15:38:55 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-15 15:38:55 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-15 15:38:55 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-15 15:38:55 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-15 15:38:55 98816 --a------ C:\WINDOWS\sed.exe
2008-04-15 15:38:55 80412 --a------ C:\WINDOWS\grep.exe
2008-04-15 15:38:55 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-15 14:06:20 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-15 14:00:08 0 d-------- C:\Documents and Settings\ADMIN\Application Data\AVG7
2008-04-15 13:32:15 114688 --a------ C:\WINDOWS\system32\dahwhixe.exe
2008-04-15 12:36:26 0 dr-h----- C:\Documents and Settings\jesse wool\Recent
2008-04-15 10:55:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 10:55:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 10:55:21 0 d-------- C:\Documents and Settings\jesse wool\Application Data\SUPERAntiSpyware.com
2008-04-15 09:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-15 08:26:34 0 d-------- C:\WINDOWS\system32\spool
2008-04-14 17:07:00 0 d-------- C:\Documents and Settings\jesse wool\Application Data\TmpRecentIcons
2008-04-14 16:38:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-14 15:24:50 0 d-------- C:\Documents and Settings\All Users\Application Data\wdkbqdwn
2008-04-14 15:23:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-14 15:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-14 14:27:34 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
2008-04-14 14:26:27 0 d--hs---- C:\Documents and Settings\ADMIN\UserData
2008-04-14 14:25:53 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Adobe
2008-04-14 14:20:36 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
2008-04-14 14:20:36 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Gtek
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\Templates
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
2008-04-14 14:20:35 1048576 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\My Documents
2008-04-14 14:20:35 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Favorites
2008-04-14 14:20:35 0 dr------- C:\Documents and Settings\ADMIN\Desktop
2008-04-14 14:20:35 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
2008-04-14 14:20:35 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
2008-04-14 14:20:35 0 d---s---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Jasc Software Inc
2008-04-14 14:20:35 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Intel
2008-04-14 14:16:42 0 d-------- C:\WINDOWS\system32\bits
2008-04-14 12:04:35 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 11:30:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 11:29:55 2 --a------ C:\1020091134
2008-04-14 11:08:05 0 d-------- C:\WINDOWS\system32\4847
2008-04-10 15:47:16 0 d-------- C:\WINDOWS\system32\3541
2008-03-28 12:44:06 0 d-------- C:\Program Files\Bonjour


-- Find3M Report ---------------------------------------------------------------

2008-04-16 09:05:12 0 d-------- C:\Documents and Settings\jesse wool\Application Data\AVG7
2008-04-16 07:39:14 0 d-------- C:\Program Files\QuickTime
2008-04-16 07:39:14 0 d-------- C:\Program Files\MSN Messenger
2008-04-16 07:39:14 0 d-------- C:\Program Files\iTunes
2008-04-16 07:39:11 0 d-------- C:\Program Files\Apoint
2008-04-15 14:30:42 0 d-------- C:\Program Files\Common Files
2008-04-15 14:06:24 23268 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-15 10:53:57 0 d-------- C:\Program Files\Dell Support
2008-04-14 16:37:51 0 d-------- C:\Program Files\Movie Maker
2008-04-14 16:37:35 0 d-------- C:\Program Files\Windows NT
2008-04-14 12:22:54 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-14 11:45:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 10:41:35 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-28 12:56:49 0 d-------- C:\Documents and Settings\jesse wool\Application Data\Apple Computer
2008-03-26 10:25:14 0 d-------- C:\Program Files\WB06D2SE
2008-02-23 11:18:26 513 --a------ C:\logfile.dat
2008-02-23 11:00:04 0 d-------- C:\Program Files\DIFX
2008-02-23 10:58:46 0 d-------- C:\Program Files\LeapFrog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/23/2007 12:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/20/2005 04:34 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [12/23/2007 12:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/15/2008 09:13 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [04/15/2008 02:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\jesse wool\Start Menu\Programs\Startup\
Wireless Connection Manager Update.lnk - C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe [10/30/2005 2:20:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/26/2005 3:38:19 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cKHI1O14Xz"=C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
"3RDhGzmOOi"=C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/15/2008 02:03 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533c5b84-ec70-11d2-9505-00c04f79deaf}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drivesystem]
C:\WINDOWS\System32\maxpaynowti1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myspaceim]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet




-- End of Deckard's System Scanner: finished at 2008-04-16 09:17:00 ------------


#26
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
The Combofix log is incomplete; could you attach it for me, please?

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#27
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Sorry about that, here's the Combofix log.

Attached File  combofix.txt   447.38KB   83 downloads

#28
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
RatHat, I hate to bother you again, but I just wanted to say I actually just tried to boot in safe mode to see if it was working now, and it's still stopping at the same place it was before. Do you know how to fix that as well, or can you point me in the right direction where I can find info on how to fix it? Thanks again.

#29
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

We'll come back to getting into safe mode when we have got rid of the malware that is affecting it.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\qyioahfe.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\dahwhixe.exe
C:\WINDOWS\system32\qmgrprxy.dll
C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
C:\WINDOWS\System32\maxpaynowti1.exe

Folder::
C:\WINDOWS\system32\3541
C:\WINDOWS\system32\4847

Driver::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cKHI1O14Xz"=-
"3RDhGzmOOi"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drivesystem]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DSS log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you may need to reinstall QuickTime; you can download this when you update iTunes. Let me know if you need help doing this. Also let me know how your computer is behaving now.

Regards,
RatHat
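
A triage sketch for the O4 autorun lines in the HijackThis section of the log posted earlier in this thread, added here as an example; it is not part of the original post and is not code from HijackThis or ComboFix. The function names and the three heuristics are assumptions of this example, and the sample lines are copied from the posted log.

```python
import re

# O4 lines copied from the HijackThis section of the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [cKHI1O14Xz] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKLM\..\Policies\Explorer\Run: [3RDhGzmOOi] C:\Documents and Settings\All Users\Application Data\wdkbqdwn\wvezedol.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Startup: Wireless Connection Manager Update.lnk = C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe
"""

# Registry-based autoruns look like: O4 - <key>: [<value name>] <command line>
O4_REG = re.compile(r"^O4 - (?P<key>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First drive-letter path in the command that ends in .exe or .dll.
BINARY = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)


def parse_o4(log_text):
    """Return (key, value_name, binary_path) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and other sections are skipped
        target = BINARY.search(m.group("cmd"))
        if target:
            entries.append((m.group("key"), m.group("name"), target.group(0)))
    return entries


def flag_autoruns(log_text):
    """Group autoruns by binary and attach the heuristics each one trips."""
    by_path = {}
    for key, name, path in parse_o4(log_text):
        rec = by_path.setdefault(path.lower(), {"names": [], "keys": set()})
        rec["names"].append(name)
        rec["keys"].add(key.lower())

    flagged = {}
    for path, rec in by_path.items():
        reasons = []
        # Heuristic 1 (assumption): autorun lives under Policies\Explorer\Run.
        if any(k.endswith("policies\\explorer\\run") for k in rec["keys"]):
            reasons.append("policies-explorer-run key")
        # Heuristic 2 (assumption): binary sits in an Application Data folder.
        if "\\application data\\" in path:
            reasons.append("binary under Application Data")
        # Heuristic 3 (assumption): several value names launch the same binary.
        if len(set(rec["names"])) > 1:
            reasons.append("several value names, one binary")
        if reasons:
            flagged[path] = {"names": rec["names"], "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for path, info in flag_autoruns(SAMPLE_LOG).items():
        print(path, info["names"], "; ".join(info["reasons"]))
```

A flagged entry is a lead for manual review, not a verdict; each heuristic on its own can match legitimate software.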

#30
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Here is the new Combo Fix Log

Attached File  Newcomfixlog.txt   17.28KB   61 downloads





