Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

coolwwwsearch.homesearch [RESOLVED]

Started by burge1779 , Aug 23 2005 06:40 AM

This topic is locked

#1
burge1779

Posted 23 August 2005 - 06:40 AM

Member

Member
22 posts

Ihave tried every thing I can think of to get rid of homesearch. My computer will not allow Ewido security suite to run. I have run all of the programs that were suggested in the article that said "start here". Sometimes my comp. won't allow internet explorer to open. It gives me an error about add-ons and a .dll file name. After I disable that program ie opens fine, except for the homepage, pop-up, and extra favorite sites problem. If you can fix this problem you will be my hero!!!! It is driving me crazy.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:24 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sprub.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sprub.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5E5CDAA5-6515-89C3-CE2C-CB7B0F711BBF} - C:\WINDOWS\system32\ipmg32.dll (file missing)
O2 - BHO: Class - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - C:\WINDOWS\system32\ipsb32.dll (file missing)
O2 - BHO: Class - {6D4097E2-E32A-4E3E-A270-070E73AF19AC} - C:\WINDOWS\syspk.dll (file missing)
O2 - BHO: Class - {768510DB-4B3E-B9C1-962A-3FE96793A206} - C:\WINDOWS\system32\d3gm32.dll (file missing)
O2 - BHO: Class - {7EBCF226-F6E0-E97B-660E-93458B08BEE4} - C:\WINDOWS\addyh32.dll (file missing)
O2 - BHO: Class - {94FD197B-91F4-96F5-33A3-21A0B41E8BB2} - C:\WINDOWS\addtk.dll (file missing)
O2 - BHO: Class - {AF490C36-6A8D-7183-CFE9-1C64B1EF4B11} - C:\WINDOWS\ipoq32.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netzm.exe] C:\WINDOWS\netzm.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...5e012/enter.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysog32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
Rawe

Posted 23 August 2005 - 07:08 AM

Visiting Staff

Member
4,746 posts

Hello and welcome!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster

Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "OK" at the prompt with instructions.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist please download them by clicking "Download Update" then click the X to close that window.
Now close About:Buster

Update CWShredder

Open CWShredder and click I AGREE
Click Check For Update
Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:

Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shutdown explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:

#3
burge1779

Posted 23 August 2005 - 05:50 PM

Member

Topic Starter
Member
22 posts

Well, I went through all of the steps you requested me to do. Everything went fine. When I went to set my homepage before open ie it had a bunch of symbols. I put in my page and it reset it after about 3 or 4 webpage clicks later. I had trouble with some things not opening in ie. I get "the page cannot be displayed" but there is junk links on it. I hate this thing!!! Here are my logs:

------------------------------------------------------------------------

(8/23/05 6:13:39 PM) SPSeHjFix started v1.1.2
(8/23/05 6:13:39 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/23/05 6:13:39 PM) Language: english
(8/23/05 6:13:39 PM) Win-Path: C:\WINDOWS
(8/23/05 6:13:39 PM) System-Path: C:\WINDOWS\system32
(8/23/05 6:13:39 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(8/23/05 6:30:04 PM) SPSeHjFix started v1.1.2
(8/23/05 6:30:04 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/23/05 6:30:04 PM) Language: english
(8/23/05 6:30:04 PM) Win-Path: C:\WINDOWS
(8/23/05 6:30:04 PM) System-Path: C:\WINDOWS\system32
(8/23/05 6:30:04 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(8/23/05 6:30:11 PM) Disinfection started
(8/23/05 6:30:11 PM) Bad-Dll(IEP): (not found)
(8/23/05 6:30:11 PM) Bad-Dll(IEP) in BHO: (not found)
(8/23/05 6:30:11 PM) UBF: 8 - UBB: 1 - UBR: 14
(8/23/05 6:30:11 PM) UBF: 8 - UBB: 1 - UBR: 14
(8/23/05 6:30:11 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(8/23/05 6:30:11 PM) Stealth-String not found
(8/23/05 6:30:11 PM) Not infected->END

-----------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:29:24 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sprub.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sprub.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sprub.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5E5CDAA5-6515-89C3-CE2C-CB7B0F711BBF} - C:\WINDOWS\system32\ipmg32.dll (file missing)
O2 - BHO: Class - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - C:\WINDOWS\system32\ipsb32.dll (file missing)
O2 - BHO: Class - {6D4097E2-E32A-4E3E-A270-070E73AF19AC} - C:\WINDOWS\syspk.dll (file missing)
O2 - BHO: Class - {768510DB-4B3E-B9C1-962A-3FE96793A206} - C:\WINDOWS\system32\d3gm32.dll (file missing)
O2 - BHO: Class - {7EBCF226-F6E0-E97B-660E-93458B08BEE4} - C:\WINDOWS\addyh32.dll (file missing)
O2 - BHO: Class - {94FD197B-91F4-96F5-33A3-21A0B41E8BB2} - C:\WINDOWS\addtk.dll (file missing)
O2 - BHO: Class - {AF490C36-6A8D-7183-CFE9-1C64B1EF4B11} - C:\WINDOWS\ipoq32.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netzm.exe] C:\WINDOWS\netzm.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...5e012/enter.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysog32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
Rawe

Posted 23 August 2005 - 10:54 PM

Visiting Staff

Member
4,746 posts

Can you first update Ewido to the latest definitions.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now open Ewido and do a scan of your system.

Click on scanner
Click on Complete System Scan and the scan will begin.
Clean anything it finds.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido.

Reboot into normal mode and post the Ewido log.

- Rawe :tazz:

#5
burge1779

Posted 24 August 2005 - 04:27 PM

Member

Topic Starter
Member
22 posts

My computer will not allow ewido to run. As soon as it finds the first problem it close the whole program. But when I restarted my comp. the gaurd on ewido quarintined a bunch of files. I tried uninstalling ewido and reinstalling it but that did not work. i also tried uninstalling nortons but that didn't help either!

#6
Rawe

Posted 25 August 2005 - 04:50 AM

Visiting Staff

Member
4,746 posts

Can you disable Ewido guard first then try to do the scan in Safe Mode again please.

#7
burge1779

Posted 25 August 2005 - 06:21 AM

Member

Topic Starter
Member
22 posts

Still won't work. It only gets about 2.5% done before it shuts off. I tried to be quick and click the first message it brung up but it still shut off.

#8
Rawe

Posted 25 August 2005 - 06:39 AM

Visiting Staff

Member
4,746 posts

Can you try in normal mode.. If still won't work can you post a fresh HijackThis log.

#9
burge1779

Posted 25 August 2005 - 04:22 PM

Member

Topic Starter
Member
22 posts

still won't run!

Logfile of HijackThis v1.99.1
Scan saved at 5:21:36 PM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\mfcpv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qpccx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {7DD77B7C-9B84-72EE-BD55-4F770792CF55} - C:\WINDOWS\sdkal32.dll
O2 - BHO: Class - {C4321F79-4119-FC9A-FB04-062C3F916C8D} - C:\WINDOWS\winpx32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [winct.exe] C:\WINDOWS\system32\winct.exe
O4 - HKLM\..\Run: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [d3zi32.exe] C:\WINDOWS\d3zi32.exe
O4 - HKLM\..\RunOnce: [apptg.exe] C:\WINDOWS\apptg.exe
O4 - HKLM\..\RunOnce: [javabj32.exe] C:\WINDOWS\system32\javabj32.exe
O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe
O4 - HKLM\..\RunOnce: [atlls32.exe] C:\WINDOWS\atlls32.exe
O4 - HKLM\..\RunOnce: [iequ.exe] C:\WINDOWS\system32\iequ.exe
O4 - HKLM\..\RunOnce: [addgc32.exe] C:\WINDOWS\system32\addgc32.exe
O4 - HKLM\..\RunOnce: [apiiw.exe] C:\WINDOWS\apiiw.exe
O4 - HKLM\..\RunOnce: [winoy32.exe] C:\WINDOWS\system32\winoy32.exe
O4 - HKLM\..\RunOnce: [sdkhr32.exe] C:\WINDOWS\sdkhr32.exe
O4 - HKLM\..\RunOnce: [mfcmm.exe] C:\WINDOWS\system32\mfcmm.exe
O4 - HKLM\..\RunOnce: [apisi32.exe] C:\WINDOWS\system32\apisi32.exe
O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe
O4 - HKLM\..\RunOnce: [mfcgf32.exe] C:\WINDOWS\mfcgf32.exe
O4 - HKLM\..\RunOnce: [sysmz.exe] C:\WINDOWS\system32\sysmz.exe
O4 - HKLM\..\RunOnce: [netgl.exe] C:\WINDOWS\system32\netgl.exe
O4 - HKLM\..\RunOnce: [addtn32.exe] C:\WINDOWS\addtn32.exe
O4 - HKLM\..\RunOnce: [crko32.exe] C:\WINDOWS\crko32.exe
O4 - HKLM\..\RunOnce: [atlfo.exe] C:\WINDOWS\atlfo.exe
O4 - HKLM\..\RunOnce: [netks32.exe] C:\WINDOWS\netks32.exe
O4 - HKLM\..\RunOnce: [msnc32.exe] C:\WINDOWS\system32\msnc32.exe
O4 - HKLM\..\RunOnce: [ipmr.exe] C:\WINDOWS\system32\ipmr.exe
O4 - HKLM\..\RunOnce: [javarw32.exe] C:\WINDOWS\javarw32.exe
O4 - HKLM\..\RunOnce: [addvf32.exe] C:\WINDOWS\addvf32.exe
O4 - HKLM\..\RunOnce: [mfcfg32.exe] C:\WINDOWS\system32\mfcfg32.exe
O4 - HKLM\..\RunOnce: [netkf.exe] C:\WINDOWS\netkf.exe
O4 - HKLM\..\RunOnce: [javayd32.exe] C:\WINDOWS\system32\javayd32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...5e012/enter.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netqd32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10
Rawe

Posted 26 August 2005 - 07:59 AM

Visiting Staff

Member
4,746 posts

Ok.

Launch HiJackThis and go to "Misc tools Section". Click Open ADS Spy and scan. Save the log and post it here.. Don't remove anything yet. :tazz:

#11
burge1779

Posted 26 August 2005 - 06:19 PM

Member

Topic Starter
Member
22 posts

C:\WINDOWS\002873_.tmp : lgxfg (35310 bytes)
C:\WINDOWS\AC3API.INI : hjbrg (87855 bytes)
C:\WINDOWS\AC3API.INI : imulc (87855 bytes)
C:\WINDOWS\AC3API.INI : ocmyb (87855 bytes)
C:\WINDOWS\AC3API.INI : xrwhb (0 bytes)
C:\WINDOWS\AC3API.INI : xxygj (35081 bytes)
C:\WINDOWS\AC3API.INI : xydhz (35310 bytes)
C:\WINDOWS\Active Setup Log.txt : ahnme (87855 bytes)
C:\WINDOWS\Active Setup Log.txt : dfkqy (87855 bytes)
C:\WINDOWS\Active Setup Log.txt : ftcxl (87855 bytes)
C:\WINDOWS\Active Setup Log.txt : hbhit (89339 bytes)
C:\WINDOWS\Active Setup Log.txt : oklgb (35081 bytes)
C:\WINDOWS\Active Setup Log.txt : onvex (89339 bytes)
C:\WINDOWS\Active Setup Log.txt : oqtnfu (35081 bytes)
C:\WINDOWS\Active Setup Log.txt : rskij (35081 bytes)
C:\WINDOWS\Active Setup Log.txt : swwle (35081 bytes)
C:\WINDOWS\aixse.txt : bbndp (0 bytes)
C:\WINDOWS\aixse.txt : buzoo (89339 bytes)
C:\WINDOWS\aixse.txt : ilrzw (35081 bytes)
C:\WINDOWS\aixse.txt : jtyuy (87855 bytes)
C:\WINDOWS\aixse.txt : mhtnw (87855 bytes)
C:\WINDOWS\aixse.txt : oybqq (35081 bytes)
C:\WINDOWS\aixse.txt : wotfu (87855 bytes)
C:\WINDOWS\aucfg.ini : xgohi (0 bytes)
C:\WINDOWS\AuHCcup1.ini : yvkro (0 bytes)
C:\WINDOWS\auigv.log : bnnzwd (11537 bytes)
C:\WINDOWS\auigv.log : hodxd (35081 bytes)
C:\WINDOWS\auigv.log : knghs (35310 bytes)
C:\WINDOWS\awppu.txt : drysp (35081 bytes)
C:\WINDOWS\awppu.txt : hahsz (87855 bytes)
C:\WINDOWS\awppu.txt : wcuaa (35081 bytes)
C:\WINDOWS\awppu.txt : xsmyx (87855 bytes)
C:\WINDOWS\bkwuk.txt : sdstq (35310 bytes)
C:\WINDOWS\bkwuk.txt : twevm (89339 bytes)
C:\WINDOWS\bkwuk.txt : ypypt (35310 bytes)
C:\WINDOWS\Blue Lace 16.bmp : bqhhc (35081 bytes)
C:\WINDOWS\Blue Lace 16.bmp : fcznb (35081 bytes)
C:\WINDOWS\Blue Lace 16.bmp : jikqq (89339 bytes)
C:\WINDOWS\Blue Lace 16.bmp : lnuqe (87855 bytes)
C:\WINDOWS\Blue Lace 16.bmp : ltegr (87855 bytes)
C:\WINDOWS\Blue Lace 16.bmp : nejbm (35081 bytes)
C:\WINDOWS\Blue Lace 16.bmp : nojlp (87855 bytes)
C:\WINDOWS\Blue Lace 16.bmp : sfidx (35081 bytes)
C:\WINDOWS\Blue Lace 16.bmp : ulouf (87855 bytes)
C:\WINDOWS\Blue Lace 16.bmp : uvgio (35081 bytes)
C:\WINDOWS\Blue Lace 16.bmp : wzkrr (87855 bytes)
C:\WINDOWS\bmbuu.txt : cnqjr (87855 bytes)
C:\WINDOWS\bmbuu.txt : jmkci (89339 bytes)
C:\WINDOWS\bmbuu.txt : yoblg (87855 bytes)
C:\WINDOWS\bnrrx.log : cgyqg (87855 bytes)
C:\WINDOWS\bnrrx.log : ipefw (87855 bytes)
C:\WINDOWS\bnrrx.log : oyvau (35081 bytes)
C:\WINDOWS\bnrrx.log : tacss (89339 bytes)
C:\WINDOWS\bootstat.dat : hpwyq (35081 bytes)
C:\WINDOWS\bootstat.dat : mvjfv (35081 bytes)
C:\WINDOWS\bootstat.dat : myfvt (89339 bytes)
C:\WINDOWS\bootstat.dat : qxdno (35081 bytes)
C:\WINDOWS\bootstat.dat : toxey (87855 bytes)
C:\WINDOWS\bootstat.dat : toxeyf (35081 bytes)
C:\WINDOWS\bootstat.dat : wjext (35081 bytes)
C:\WINDOWS\bootstat.dat : zyfhl (35081 bytes)
C:\WINDOWS\borxg.log : kknkc (35081 bytes)
C:\WINDOWS\bouvi.txt : eyqgj (0 bytes)
C:\WINDOWS\bouvi.txt : japny (89339 bytes)
C:\WINDOWS\bouvi.txt : ktklv (35081 bytes)
C:\WINDOWS\bouvi.txt : odegt (89339 bytes)
C:\WINDOWS\cdplayer.ini : fhuqk (87855 bytes)
C:\WINDOWS\cdplayer.ini : iygzb (87855 bytes)
C:\WINDOWS\cdplayer.ini : muhbx (89339 bytes)
C:\WINDOWS\cdplayer.ini : mwkgk (35310 bytes)
C:\WINDOWS\cdplayer.ini : qmoqh (35081 bytes)
C:\WINDOWS\cdplayer.ini : uovvf (35310 bytes)
C:\WINDOWS\cdplayer.ini : xnaug (87855 bytes)
C:\WINDOWS\cfhsv.log : cruog (87855 bytes)
C:\WINDOWS\cfhsv.log : djrxa (35081 bytes)
C:\WINDOWS\cfhsv.log : ilpru (35081 bytes)
C:\WINDOWS\cfhsv.log : jhjyb (87855 bytes)
C:\WINDOWS\cfhsv.log : scekn (35081 bytes)
C:\WINDOWS\cfhsv.log : tfmrc (87855 bytes)
C:\WINDOWS\cfhsv.log : xvvbt (87855 bytes)
C:\WINDOWS\cfhsv.log : zhuat (87855 bytes)
C:\WINDOWS\cfqnd.log : ebfdp (35310 bytes)
C:\WINDOWS\cfqnd.log : gbnko (35081 bytes)
C:\WINDOWS\cfqnd.log : jbfjv (87855 bytes)
C:\WINDOWS\cfqnd.log : mknbe (0 bytes)
C:\WINDOWS\cfqnd.log : nvxql (87855 bytes)
C:\WINDOWS\cfqnd.log : spokct (197755 bytes)
C:\WINDOWS\cfqnd.log : tqhpt (35081 bytes)
C:\WINDOWS\cggte.log : jqmwd (35081 bytes)
C:\WINDOWS\cggte.log : qjehw (89410 bytes)
C:\WINDOWS\cggte.log : qpymg (89339 bytes)
C:\WINDOWS\cggte.log : wnhyn (35081 bytes)
C:\WINDOWS\cggte.log : xmgde (87855 bytes)
C:\WINDOWS\cggte.log : xsqnp (35310 bytes)
C:\WINDOWS\cjtbr.log : hykou (87855 bytes)
C:\WINDOWS\clock.avi : cfcwp (87855 bytes)
C:\WINDOWS\clock.avi : euvip (87855 bytes)
C:\WINDOWS\clock.avi : fmzfb (35081 bytes)
C:\WINDOWS\clock.avi : lyydge (11529 bytes)
C:\WINDOWS\clock.avi : nzbbd (35310 bytes)
C:\WINDOWS\clock.avi : smrfa (35081 bytes)
C:\WINDOWS\clock.avi : srwan (89339 bytes)
C:\WINDOWS\clock.avi : ubagu (35310 bytes)
C:\WINDOWS\clock.avi : whipv (35081 bytes)
C:\WINDOWS\clock.avi : woxaa (35081 bytes)
C:\WINDOWS\clock.avi : yhlhh (35081 bytes)
C:\WINDOWS\clock.avi : zxizp (35310 bytes)
C:\WINDOWS\cmsetacl.log : bivzh (87855 bytes)
C:\WINDOWS\cmsetacl.log : iglfc (35081 bytes)
C:\WINDOWS\cmsetacl.log : ijpnd (87855 bytes)
C:\WINDOWS\cmsetacl.log : tzrrx (35081 bytes)
C:\WINDOWS\Coffee Bean.bmp : eexrj (87855 bytes)
C:\WINDOWS\Coffee Bean.bmp : egpbr (35081 bytes)
C:\WINDOWS\Coffee Bean.bmp : ujmqp (35081 bytes)
C:\WINDOWS\Coffee Bean.bmp : yhcqzn (35310 bytes)
C:\WINDOWS\Coffee Bean.bmp : yimwm (35081 bytes)
C:\WINDOWS\Coffee Bean.bmp : zujrq (89339 bytes)
C:\WINDOWS\COM+.log : ebyav (89410 bytes)
C:\WINDOWS\COM+.log : eirri (87855 bytes)
C:\WINDOWS\COM+.log : nkyyc (35081 bytes)
C:\WINDOWS\COM+.log : ouvkm (87855 bytes)
C:\WINDOWS\COM+.log : xgjap (87855 bytes)
C:\WINDOWS\comsetup.log : bchss (35081 bytes)
C:\WINDOWS\comsetup.log : bibwd (35310 bytes)
C:\WINDOWS\comsetup.log : cmyof (87855 bytes)
C:\WINDOWS\comsetup.log : giinu (89339 bytes)
C:\WINDOWS\comsetup.log : hrhqw (87855 bytes)
C:\WINDOWS\comsetup.log : hzqkl (87855 bytes)
C:\WINDOWS\comsetup.log : mvtve (87855 bytes)
C:\WINDOWS\comsetup.log : ngzne (87855 bytes)
C:\WINDOWS\comsetup.log : tuyaf (87855 bytes)
C:\WINDOWS\comsetup.log : wvrqp (87855 bytes)
C:\WINDOWS\comsetup.log : xuclxc (11529 bytes)
C:\WINDOWS\comsetup.log : yeazu (35081 bytes)
C:\WINDOWS\comsetup.log : znnxi (89339 bytes)
C:\WINDOWS\control.ini : fnfjb (89339 bytes)
C:\WINDOWS\control.ini : oqznd (87855 bytes)
C:\WINDOWS\control.ini : qifjg (35081 bytes)
C:\WINDOWS\control.ini : qoczn (35310 bytes)
C:\WINDOWS\control.ini : sangr (35081 bytes)
C:\WINDOWS\control.ini : yxibh (35081 bytes)
C:\WINDOWS\CTDV10K1.CDF : dkzsj (35310 bytes)
C:\WINDOWS\CTDV10K1.CDF : eydet (87855 bytes)
C:\WINDOWS\CTDV10K1.CDF : haekh (89339 bytes)
C:\WINDOWS\CTDV10K1.CDF : mkyke (35081 bytes)
C:\WINDOWS\CTDV10K1.CDF : nynhm (35310 bytes)
C:\WINDOWS\CTDV10K1.CDF : pwybl (35081 bytes)
C:\WINDOWS\CTDV10K1.CDF : qqugw (87855 bytes)
C:\WINDOWS\CTDV10K1.CDF : rljst (87855 bytes)
C:\WINDOWS\CTDV10K1.CDF : snqmhm (35081 bytes)
C:\WINDOWS\CTDV10K1.CDF : tdayz (35081 bytes)
C:\WINDOWS\CTDV10K1.CDF : xtcsc (89410 bytes)
C:\WINDOWS\CTDV10K2.CDF : efmgp (35081 bytes)
C:\WINDOWS\CTDV10K2.CDF : glxex (35081 bytes)
C:\WINDOWS\CTDV10K2.CDF : hlcvw (35081 bytes)
C:\WINDOWS\CTDV10K2.CDF : koucm (35310 bytes)
C:\WINDOWS\CTDV10K2.CDF : mdkmg (87855 bytes)
C:\WINDOWS\CTDV10K2.CDF : quvzzn (35081 bytes)
C:\WINDOWS\CTDV10K2.CDF : zczhb (87855 bytes)
C:\WINDOWS\CTDVAUDY.CDF : bxocx (89339 bytes)
C:\WINDOWS\CTDVAUDY.CDF : qfukf (89339 bytes)
C:\WINDOWS\CTDVAUDY.CDF : tivru (35081 bytes)
C:\WINDOWS\CTDVAUDY.CDF : wqttg (87855 bytes)
C:\WINDOWS\dallt.log : iiutd (35081 bytes)
C:\WINDOWS\dallt.log : koqie (35310 bytes)
C:\WINDOWS\dallt.log : kwjrh (89339 bytes)
C:\WINDOWS\dallt.log : pgikf (35081 bytes)
C:\WINDOWS\dallt.log : pjccf (35081 bytes)
C:\WINDOWS\dallt.log : pujkk (35081 bytes)
C:\WINDOWS\dallt.log : uhjcp (89410 bytes)
C:\WINDOWS\dallt.log : zwyci (35081 bytes)
C:\WINDOWS\desktop.ini : euylvn (11529 bytes)
C:\WINDOWS\desktop.ini : jcnnn (87855 bytes)
C:\WINDOWS\desktop.ini : jvmrb (87855 bytes)
C:\WINDOWS\desktop.ini : nouuo (87855 bytes)
C:\WINDOWS\desktop.ini : ordvo (89339 bytes)
C:\WINDOWS\desktop.ini : qoitx (35310 bytes)
C:\WINDOWS\desktop.ini : rbmgq (35310 bytes)
C:\WINDOWS\desktop.ini : sbtcz (35081 bytes)
C:\WINDOWS\desktop.ini : sjgrd (89339 bytes)
C:\WINDOWS\desktop.ini : sxfri (87855 bytes)
C:\WINDOWS\desktop.ini : xxeoa (35081 bytes)
C:\WINDOWS\desktop.ini : yhcfa (35081 bytes)
C:\WINDOWS\desktop.ini : zvmci (87855 bytes)
C:\WINDOWS\DHCPUPG.LOG : etabz (89339 bytes)
C:\WINDOWS\DHCPUPG.LOG : houbl (35081 bytes)
C:\WINDOWS\DHCPUPG.LOG : mnjzt (35081 bytes)
C:\WINDOWS\DHCPUPG.LOG : ppard (87855 bytes)
C:\WINDOWS\DHCPUPG.LOG : sssil (35081 bytes)
C:\WINDOWS\DirectX.log : eojsb (35081 bytes)
C:\WINDOWS\DirectX.log : gbmqx (87855 bytes)
C:\WINDOWS\DirectX.log : ulvkg (87855 bytes)
C:\WINDOWS\DirectX.log : wqzuv (87855 bytes)
C:\WINDOWS\dmgni.txt : jksfg (87855 bytes)
C:\WINDOWS\dmgni.txt : junye (89410 bytes)
C:\WINDOWS\dmgni.txt : kthvd (35310 bytes)
C:\WINDOWS\dmgni.txt : lywaa (87855 bytes)
C:\WINDOWS\dmgni.txt : psgxq (35081 bytes)
C:\WINDOWS\dmgni.txt : psiuq (87855 bytes)
C:\WINDOWS\dmkdx.log : byycb (35310 bytes)
C:\WINDOWS\dmkdx.log : mzrmm (35310 bytes)
C:\WINDOWS\drmyg.txt : drkxjp (0 bytes)
C:\WINDOWS\DtcInstall.log : finml (35081 bytes)
C:\WINDOWS\DtcInstall.log : hvype (87855 bytes)
C:\WINDOWS\DtcInstall.log : rsgnl (0 bytes)
C:\WINDOWS\DtcInstall.log : vqmjd (35310 bytes)
C:\WINDOWS\DtcInstall.log : wvrqpq (35081 bytes)
C:\WINDOWS\dvkbp.dat : aetdj (89339 bytes)
C:\WINDOWS\dvkbp.dat : crdbv (87855 bytes)
C:\WINDOWS\dvkbp.dat : ddrka (0 bytes)
C:\WINDOWS\dvkbp.dat : puemv (35310 bytes)
C:\WINDOWS\dvkbp.dat : sjvxf (87855 bytes)
C:\WINDOWS\dvkbp.dat : vosbg (87855 bytes)
C:\WINDOWS\efolu.log : cgfge (87855 bytes)
C:\WINDOWS\efolu.log : evzda (89339 bytes)
C:\WINDOWS\efolu.log : kwpme (35081 bytes)
C:\WINDOWS\efolu.log : uwykx (35081 bytes)
C:\WINDOWS\eimve.log : aqljz (35081 bytes)
C:\WINDOWS\eimve.log : cweqz (89385 bytes)
C:\WINDOWS\eimve.log : hbmgzm (197753 bytes)
C:\WINDOWS\eimve.log : hskfr (35081 bytes)
C:\WINDOWS\eimve.log : iujsy (89385 bytes)
C:\WINDOWS\eimve.log : thaed (87855 bytes)
C:\WINDOWS\eimve.log : wbhio (89410 bytes)
C:\WINDOWS\eimve.log : ynurz (89339 bytes)
C:\WINDOWS\eljwv.txt : kuqfq (89339 bytes)
C:\WINDOWS\emdiv.txt : jcmva (89339 bytes)
C:\WINDOWS\emdiv.txt : vjfiy (89339 bytes)
C:\WINDOWS\exdfp.log : aulmm (35081 bytes)
C:\WINDOWS\exdfp.log : drmfn (89339 bytes)
C:\WINDOWS\exdfp.log : ilwre (87855 bytes)
C:\WINDOWS\exdfp.log : mnqra (35081 bytes)
C:\WINDOWS\exdfp.log : rcpit (35081 bytes)
C:\WINDOWS\explorer.scf : avaym (87855 bytes)
C:\WINDOWS\explorer.scf : ibzydl (35081 bytes)
C:\WINDOWS\explorer.scf : litrs (87855 bytes)
C:\WINDOWS\explorer.scf : nugnh (87855 bytes)
C:\WINDOWS\explorer.scf : udvxc (35081 bytes)
C:\WINDOWS\explorer.scf : wzzlw (35081 bytes)
C:\WINDOWS\explorer.scf : yhffk (35081 bytes)
C:\WINDOWS\FaxSetup.log : lgwof (0 bytes)
C:\WINDOWS\FaxSetup.log : mbzwh (87855 bytes)
C:\WINDOWS\FaxSetup.log : rbaai (35081 bytes)
C:\WINDOWS\FaxSetup.log : zzhvik (87855 bytes)
C:\WINDOWS\fbkgd.log : afirc (89339 bytes)
C:\WINDOWS\fbkgd.log : aqsat (87855 bytes)
C:\WINDOWS\fbkgd.log : ckyqb (35081 bytes)
C:\WINDOWS\fbkgd.log : joxbw (35310 bytes)
C:\WINDOWS\fbkgd.log : lzzkw (87855 bytes)
C:\WINDOWS\fbkgd.log : mthlr (35081 bytes)
C:\WINDOWS\fbkgd.log : pxcow (35310 bytes)
C:\WINDOWS\fbkgd.log : tdjyi (87855 bytes)
C:\WINDOWS\fbkgd.log : vzfcp (35081 bytes)
C:\WINDOWS\fbkgd.log : xsiar (87855 bytes)
C:\WINDOWS\fbkgd.log : yivmc (35081 bytes)
C:\WINDOWS\FeatherTexture.bmp : jebgs (87855 bytes)
C:\WINDOWS\FeatherTexture.bmp : niqza (35081 bytes)
C:\WINDOWS\FeatherTexture.bmp : pdcgge (197755 bytes)
C:\WINDOWS\FeatherTexture.bmp : qadti (87855 bytes)
C:\WINDOWS\FeatherTexture.bmp : udyfk (35081 bytes)
C:\WINDOWS\FeatherTexture.bmp : vwbqn (35310 bytes)
C:\WINDOWS\FeatherTexture.bmp : xbryl (89410 bytes)
C:\WINDOWS\Finding Nemo.scr : cjnuu (35081 bytes)
C:\WINDOWS\Finding Nemo.scr : hcsak (35081 bytes)
C:\WINDOWS\Finding Nemo.scr : tnndu (35081 bytes)
C:\WINDOWS\Finding Nemo.scr : ueqgo (35310 bytes)
C:\WINDOWS\fnpai.txt : anyjx (87855 bytes)
C:\WINDOWS\fnpai.txt : axvfd (87855 bytes)
C:\WINDOWS\fnpai.txt : glisu (35310 bytes)
C:\WINDOWS\fnpai.txt : glppb (35310 bytes)
C:\WINDOWS\fnpai.txt : hxedj (89385 bytes)
C:\WINDOWS\fnpai.txt : nxhbv (35081 bytes)
C:\WINDOWS\fnpai.txt : oyfrh (89385 bytes)
C:\WINDOWS\fnpai.txt : rgzea (87855 bytes)
C:\WINDOWS\fnpai.txt : rkkus (87855 bytes)
C:\WINDOWS\fnpai.txt : vbyzo (87855 bytes)
C:\WINDOWS\fnpai.txt : ybjwu (89339 bytes)
C:\WINDOWS\fnpai.txt : ysbsz (87855 bytes)
C:\WINDOWS\GEARInstall.log : aavls (87855 bytes)
C:\WINDOWS\GEARInstall.log : fmgdd (35081 bytes)
C:\WINDOWS\GEARInstall.log : fwtpb (87855 bytes)
C:\WINDOWS\GEARInstall.log : pbcpj (87855 bytes)
C:\WINDOWS\GEARInstall.log : sfzca (35081 bytes)
C:\WINDOWS\GEARInstall.log : wjwko (35081 bytes)
C:\WINDOWS\GEARInstall.log : ywrxd (35310 bytes)
C:\WINDOWS\GetServer.ini : jgngl (89339 bytes)
C:\WINDOWS\GetServer.ini : oehdx (89339 bytes)
C:\WINDOWS\gogbo.log : lhlky (35310 bytes)
C:\WINDOWS\gogbo.log : rahel (35310 bytes)
C:\WINDOWS\gogbo.log : ubjkb (89339 bytes)
C:\WINDOWS\Gone Fishing.bmp : confp (89385 bytes)
C:\WINDOWS\Gone Fishing.bmp : eiepa (35081 bytes)
C:\WINDOWS\Gone Fishing.bmp : mywpf (87855 bytes)
C:\WINDOWS\Gone Fishing.bmp : nhasj (89339 bytes)
C:\WINDOWS\Gone Fishing.bmp : pfijj (87855 bytes)
C:\WINDOWS\Gone Fishing.bmp : qzpxl (89339 bytes)
C:\WINDOWS\Gone Fishing.bmp : wyrerm (87855 bytes)
C:\WINDOWS\Gone Fishing.bmp : xslzj (87855 bytes)
C:\WINDOWS\Gone Fishing.bmp : yqrdl (87855 bytes)
C:\WINDOWS\gouyh.txt : aasqn (87855 bytes)
C:\WINDOWS\gouyh.txt : crqda (87855 bytes)
C:\WINDOWS\gouyh.txt : glrzh (89410 bytes)
C:\WINDOWS\gouyh.txt : iusjm (89385 bytes)
C:\WINDOWS\gouyh.txt : jcmpq (35310 bytes)
C:\WINDOWS\gouyh.txt : xccpe (35081 bytes)
C:\WINDOWS\Greenstone.bmp : bbgmf (35081 bytes)
C:\WINDOWS\Greenstone.bmp : dxmje (35081 bytes)
C:\WINDOWS\Greenstone.bmp : iullo (35081 bytes)
C:\WINDOWS\Greenstone.bmp : lsdkp (35081 bytes)
C:\WINDOWS\Greenstone.bmp : rglhj (89339 bytes)
C:\WINDOWS\Greenstone.bmp : rvflcg (11537 bytes)
C:\WINDOWS\Greenstone.bmp : sobia (35081 bytes)
C:\WINDOWS\Greenstone.bmp : stypn (89339 bytes)
C:\WINDOWS\Greenstone.bmp : tpgds (87855 bytes)
C:\WINDOWS\Greenstone.bmp : uxeqo (35081 bytes)
C:\WINDOWS\Greenstone.bmp : vtkds (35081 bytes)
C:\WINDOWS\Greenstone.bmp : wsxhq (87855 bytes)
C:\WINDOWS\Greenstone.bmp : xqudy (87855 bytes)
C:\WINDOWS\gydsd.log : aveqw (87855 bytes)
C:\WINDOWS\gydsd.log : bqlbq (89410 bytes)
C:\WINDOWS\gydsd.log : dqgpu (87855 bytes)
C:\WINDOWS\gydsd.log : dsehb (87855 bytes)
C:\WINDOWS\gydsd.log : hxrvg (87855 bytes)
C:\WINDOWS\gydsd.log : iduih (35081 bytes)
C:\WINDOWS\gydsd.log : zgsnt (35310 bytes)
C:\WINDOWS\hdupn.log : aifto (87855 bytes)
C:\WINDOWS\hdupn.log : cwdji (35081 bytes)
C:\WINDOWS\hdupn.log : itdqu (89339 bytes)
C:\WINDOWS\hdupn.log : jtnkw (35081 bytes)
C:\WINDOWS\hdupn.log : uhqzh (35310 bytes)
C:\WINDOWS\hdupn.log : wwpsx (87855 bytes)
C:\WINDOWS\hdupn.log : zvdpk (87855 bytes)
C:\WINDOWS\hhlqx.log : chkpw (35081 bytes)
C:\WINDOWS\hhlqx.log : clvnp (35081 bytes)
C:\WINDOWS\hhlqx.log : cugvo (35081 bytes)
C:\WINDOWS\hhlqx.log : deqkm (87855 bytes)
C:\WINDOWS\hhlqx.log : dmfzs (87855 bytes)
C:\WINDOWS\hhlqx.log : ehbks (89339 bytes)
C:\WINDOWS\hhlqx.log : gdbkl (35081 bytes)
C:\WINDOWS\hhlqx.log : kypwf (35081 bytes)
C:\WINDOWS\hhlqx.log : lpbtt (35081 bytes)
C:\WINDOWS\hhlqx.log : lyyya (35081 bytes)
C:\WINDOWS\hhlqx.log : tepay (89339 bytes)
C:\WINDOWS\hhlqx.log : vhmwe (87855 bytes)
C:\WINDOWS\hhlqx.log : vywbo (87855 bytes)
C:\WINDOWS\hmqnp.txt : apmofn (197753 bytes)
C:\WINDOWS\hmqnp.txt : fcmdx (35310 bytes)
C:\WINDOWS\hmqnp.txt : joqrwi (35081 bytes)
C:\WINDOWS\hmqnp.txt : ovjzu (89339 bytes)
C:\WINDOWS\hmqnp.txt : qqezx (35081 bytes)
C:\WINDOWS\hmqnp.txt : svfaf (35081 bytes)
C:\WINDOWS\hmqnp.txt : uvrur (87855 bytes)
C:\WINDOWS\hmqnp.txt : vdfle (87855 bytes)
C:\WINDOWS\hmqnp.txt : vvesp (87855 bytes)
C:\WINDOWS\hmqnp.txt : yidlg (35081 bytes)
C:\WINDOWS\hmqnp.txt : yzicd (35081 bytes)
C:\WINDOWS\hmssb.txt : ahltf (35081 bytes)
C:\WINDOWS\hmssb.txt : bbsih (35310 bytes)
C:\WINDOWS\hmssb.txt : gueer (87855 bytes)
C:\WINDOWS\hmssb.txt : lcvjj (35081 bytes)
C:\WINDOWS\hmssb.txt : ssgvh (87855 bytes)
C:\WINDOWS\hpdins01.dat : biorg (35310 bytes)
C:\WINDOWS\hpdins01.dat : ddpap (87855 bytes)
C:\WINDOWS\hpdins01.dat : epoov (87855 bytes)
C:\WINDOWS\hpdins01.dat : glyng (89339 bytes)
C:\WINDOWS\hpdins01.dat : gyxuz (87855 bytes)
C:\WINDOWS\hpdins01.dat : htism (35081 bytes)
C:\WINDOWS\hpdins01.dat : leegc (87855 bytes)
C:\WINDOWS\hpdins01.dat : npzxl (35081 bytes)
C:\WINDOWS\hpdins01.dat : rkoby (87855 bytes)
C:\WINDOWS\hpdins01.dat : tvvcj (35081 bytes)
C:\WINDOWS\hpdins01.dat : xszib (35081 bytes)
C:\WINDOWS\hpdins01.dat : zpwmt (87855 bytes)
C:\WINDOWS\HPHins01.dat : cldyl (87855 bytes)
C:\WINDOWS\HPHins01.dat : dvbaj (35310 bytes)
C:\WINDOWS\HPHins01.dat : hluhq (87855 bytes)
C:\WINDOWS\HPHins01.dat : jktta (89339 bytes)
C:\WINDOWS\HPHins01.dat : kyuoc (35081 bytes)
C:\WINDOWS\HPHins01.dat : lptxd (89339 bytes)
C:\WINDOWS\HPHins01.dat : lykjd (87855 bytes)
C:\WINDOWS\HPHins01.dat : mgsbz (87855 bytes)
C:\WINDOWS\HPHins01.dat : ntbow (35081 bytes)
C:\WINDOWS\HPHins01.dat : oflym (87855 bytes)
C:\WINDOWS\HPHins01.dat : osjiq (35081 bytes)
C:\WINDOWS\HPHins01.dat : pglmp (87855 bytes)
C:\WINDOWS\HPHins01.dat : reuse (35081 bytes)
C:\WINDOWS\HPHins01.dat : zwuji (87855 bytes)
C:\WINDOWS\hphmdl01.dat : ffjxc (87855 bytes)
C:\WINDOWS\hphmdl01.dat : hijuq (89339 bytes)
C:\WINDOWS\hphmdl01.dat : irfvv (35081 bytes)
C:\WINDOWS\hphmdl01.dat : jsunh (35081 bytes)
C:\WINDOWS\hphmdl01.dat : lopbs (35081 bytes)
C:\WINDOWS\hphmdl01.dat : qjgaq (87855 bytes)
C:\WINDOWS\hphmdl01.dat : tvgjq (35310 bytes)
C:\WINDOWS\hphmdl01.dat : ubtjy (87855 bytes)
C:\WINDOWS\hpiins01.dat : bmttt (87855 bytes)
C:\WINDOWS\hpiins01.dat : eqjwo (35081 bytes)
C:\WINDOWS\hpiins01.dat : foisp (35081 bytes)
C:\WINDOWS\hpiins01.dat : gzzul (35081 bytes)
C:\WINDOWS\hpiins01.dat : kjjel (35081 bytes)
C:\WINDOWS\hpiins01.dat : kohig (35081 bytes)
C:\WINDOWS\hpiins01.dat : msomm (35081 bytes)
C:\WINDOWS\hpiins01.dat : nzjgr (87855 bytes)
C:\WINDOWS\hpiins01.dat : ogtuj (35081 bytes)
C:\WINDOWS\hpiins01.dat : ouprx (35081 bytes)
C:\WINDOWS\hpiins01.dat : pxwits (197753 bytes)
C:\WINDOWS\hpiins01.dat : tbtqe (87855 bytes)
C:\WINDOWS\hpiins01.dat : wfatu (35310 bytes)
C:\WINDOWS\hpiins01.dat : xphtq (87855 bytes)
C:\WINDOWS\hpimdl01.dat : nbqrg (87855 bytes)
C:\WINDOWS\hpimdl01.dat : yixhb (35081 bytes)
C:\WINDOWS\hpimdl01.dat : yohll (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : cpkqy (87855 bytes)
C:\WINDOWS\hpimdl01.dat.temp : deqfc (87855 bytes)
C:\WINDOWS\hpimdl01.dat.temp : dtroe (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : fwcmg (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : gwqdb (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : hqalt (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : itokf (35081 bytes)
C:\WINDOWS\hpimdl01.dat.temp : jkowua (13581 bytes)
C:\WINDOWS\hpimdl01.dat.temp : nfqig (89385 bytes)
C:\WINDOWS\hpimdl01.dat.temp : zxmkj (35310 bytes)
C:\WINDOWS\hpoins03.dat : crheq (35081 bytes)
C:\WINDOWS\hpoins03.dat : hxvxm (87855 bytes)
C:\WINDOWS\hpoins03.dat : rohoo (35081 bytes)
C:\WINDOWS\hpoins03.dat : rzbnv (35081 bytes)
C:\WINDOWS\hpomdl03.dat : dujsz (87855 bytes)
C:\WINDOWS\hpomdl03.dat : ibxir (35310 bytes)
C:\WINDOWS\hpomdl03.dat : ihmiu (89339 bytes)
C:\WINDOWS\hpomdl03.dat : ofssm (35081 bytes)
C:\WINDOWS\hpomdl03.dat : pqrgs (35081 bytes)
C:\WINDOWS\hpomdl03.dat : qkvas (87855 bytes)
C:\WINDOWS\hpomdl03.dat : rmbxd (35310 bytes)
C:\WINDOWS\hpomdl03.dat : umrlv (35081 bytes)
C:\WINDOWS\hpomdl03.dat : wgbmt (87855 bytes)
C:\WINDOWS\hpomdl03.dat : wgpzy (35081 bytes)
C:\WINDOWS\hpomdl03.dat : wreqa (35310 bytes)
C:\WINDOWS\hpomdl03.dat : xheuv (35081 bytes)
C:\WINDOWS\hpomdl03.dat : zhsfh (87855 bytes)
C:\WINDOWS\hpqins01.dat : ckhbwl (197755 bytes)
C:\WINDOWS\hpqins01.dat : cppcf (87855 bytes)
C:\WINDOWS\hpqins01.dat : eqwry (89339 bytes)
C:\WINDOWS\hpqins01.dat : fuwcu (35081 bytes)
C:\WINDOWS\hpqins01.dat : kxxuf (35081 bytes)
C:\WINDOWS\hpqins01.dat : mdwew (35310 bytes)
C:\WINDOWS\hpqins01.dat : nngrh (35081 bytes)
C:\WINDOWS\hpqins01.dat : oanca (35081 bytes)
C:\WINDOWS\hpqins01.dat : skmnm (35310 bytes)
C:\WINDOWS\hpqins01.dat : vgolx (87855 bytes)
C:\WINDOWS\hpqins01.dat : vgppe (87855 bytes)
C:\WINDOWS\hpqins01.dat : zdqmm (87855 bytes)
C:\WINDOWS\hpqins01.dat : zgoqj (35081 bytes)
C:\WINDOWS\hpzmdl01.dat : bdjle (35081 bytes)
C:\WINDOWS\hpzmdl01.dat : dceaa (35081 bytes)
C:\WINDOWS\hpzmdl01.dat : mlxwa (87855 bytes)
C:\WINDOWS\hpzmdl01.dat : qhuqy (35081 bytes)
C:\WINDOWS\hpzmdl01.dat : zrhys (87855 bytes)
C:\WINDOWS\hteto.log : itijv (89339 bytes)
C:\WINDOWS\hteto.log : udsoqv (3567 bytes)
C:\WINDOWS\hydys.dat : fdzdn (87855 bytes)
C:\WINDOWS\hydys.dat : fvxtk (87855 bytes)
C:\WINDOWS\hydys.dat : mnemp (35081 bytes)
C:\WINDOWS\hydys.dat : qxcev (87855 bytes)
C:\WINDOWS\hydys.dat : xeysb (87855 bytes)
C:\WINDOWS\hydys.dat : ytuzn (35081 bytes)
C:\WINDOWS\IE4 Error Log.txt : ayira (89339 bytes)
C:\WINDOWS\IE4 Error Log.txt : lixbq (35310 bytes)
C:\WINDOWS\Iedit.INI : eqyjrc (11529 bytes)
C:\WINDOWS\Iedit.INI : ghwmp (89339 bytes)
C:\WINDOWS\Iedit.INI : oytqz (35081 bytes)
C:\WINDOWS\Iedit.INI : qdrgn (87855 bytes)
C:\WINDOWS\Iedit.INI : qhttd (35081 bytes)
C:\WINDOWS\Iedit.INI : rwgkd (87855 bytes)
C:\WINDOWS\Iedit.INI : sqvfy (89385 bytes)
C:\WINDOWS\Iedit.INI : sqyqi (35081 bytes)
C:\WINDOWS\Iedit.INI : twuwh (87855 bytes)
C:\WINDOWS\Iedit.INI : wqvwr (87855 bytes)
C:\WINDOWS\Iedit.INI : yctjc (35081 bytes)
C:\WINDOWS\igjaw.txt : blyto (35081 bytes)
C:\WINDOWS\igjaw.txt : hzmwh (35081 bytes)
C:\WINDOWS\igjaw.txt : lptxd (87855 bytes)
C:\WINDOWS\igjaw.txt : nekusx (66560 bytes)
C:\WINDOWS\igjaw.txt : niayk (87855 bytes)
C:\WINDOWS\igjaw.txt : vbszi (89339 bytes)
C:\WINDOWS\iis6.log : coksjy (197753 bytes)
C:\WINDOWS\iis6.log : irgvig (11758 bytes)
C:\WINDOWS\iis6.log : nqvbv (35081 bytes)
C:\WINDOWS\iis6.log : pjacv (35310 bytes)
C:\WINDOWS\iis6.log : pjaxx (89410 bytes)
C:\WINDOWS\ImportClient.INI : fisvt (35081 bytes)
C:\WINDOWS\ImportClient.INI : ghret (35081 bytes)
C:\WINDOWS\ImportClient.INI : giaaa (35081 bytes)
C:\WINDOWS\ImportClient.INI : kfbfi (35081 bytes)
C:\WINDOWS\ImportClient.INI : kjdxd (35081 bytes)
C:\WINDOWS\ImportClient.INI : prxzra (35081 bytes)
C:\WINDOWS\ImportClient.INI : qbwhi (87855 bytes)
C:\WINDOWS\ImportClient.INI : unqqo (89385 bytes)
C:\WINDOWS\ImportClient.INI : vjefq (87855 bytes)
C:\WINDOWS\ImportClient.INI : wmcug (89410 bytes)
C:\WINDOWS\ImportClient.INI : ymebm (89339 bytes)
C:\WINDOWS\ImportClient.INI : zajpk (87855 bytes)
C:\WINDOWS\imsins.log : agfqz (89339 bytes)
C:\WINDOWS\imsins.log : akzicr (35310 bytes)
C:\WINDOWS\imsins.log : aordv (35081 bytes)
C:\WINDOWS\imsins.log : edbmn (87855 bytes)
C:\WINDOWS\imsins.log : jjzpt (35081 bytes)
C:\WINDOWS\imsins.log : kqxgw (89339 bytes)
C:\WINDOWS\imsins.log : pwfvi (87855 bytes)
C:\WINDOWS\imsins.log : sozzb (87855 bytes)
C:\WINDOWS\imsins.log : svkbs (87855 bytes)
C:\WINDOWS\imsins.log : vboao (87855 bytes)
C:\WINDOWS\inlxw.dat : bfwri (89339 bytes)
C:\WINDOWS\inlxw.dat : laljo (0 bytes)
C:\WINDOWS\ipyvl.log : dvhlf (89339 bytes)
C:\WINDOWS\ipyvl.log : ffcco (89339 bytes)
C:\WINDOWS\ipyvl.log : tutts (35310 bytes)
C:\WINDOWS\iqttj.txt : ardrt (89339 bytes)
C:\WINDOWS\iqttj.txt : bzuyt (89339 bytes)
C:\WINDOWS\iqttj.txt : fzcug (89339 bytes)
C:\WINDOWS\iqttj.txt : ubyvp (89339 bytes)
C:\WINDOWS\iskps.log : fvdse (0 bytes)
C:\WINDOWS\iskps.log : gkwhg (87855 bytes)
C:\WINDOWS\iskps.log : nlagw (89339 bytes)
C:\WINDOWS\iskps.log : tpdog (87855 bytes)
C:\WINDOWS\iskps.log : wreqa (35081 bytes)
C:\WINDOWS\iskps.log : xfpuh (87855 bytes)
C:\WINDOWS\iskps.log : yjdiz (35081 bytes)
C:\WINDOWS\itvpj.txt : rmedd (87855 bytes)
C:\WINDOWS\itvpj.txt : slept (35081 bytes)
C:\WINDOWS\ivrkk.log : bczrf (35081 bytes)
C:\WINDOWS\ivrkk.log : cwund (87855 bytes)
C:\WINDOWS\ivrkk.log : fptbk (35081 bytes)
C:\WINDOWS\ivrkk.log : gkpqn (35081 bytes)
C:\WINDOWS\ivrkk.log : jnhui (35310 bytes)
C:\WINDOWS\ivrkk.log : kcmzg (35081 bytes)
C:\WINDOWS\ivrkk.log : kfohr (89339 bytes)
C:\WINDOWS\ivrkk.log : lwddv (87855 bytes)
C:\WINDOWS\ivrkk.log : rxfqq (89339 bytes)
C:\WINDOWS\ivrkk.log : wyqux (35081 bytes)
C:\WINDOWS\ivrkk.log : zfffc (35081 bytes)
C:\WINDOWS\ivwsm.log : endcb (87855 bytes)
C:\WINDOWS\ivwsm.log : gcrtk (35081 bytes)
C:\WINDOWS\ivwsm.log : gcyxx (35081 bytes)
C:\WINDOWS\ivwsm.log : hsimeb (0 bytes)
C:\WINDOWS\ivwsm.log : jietk (87855 bytes)
C:\WINDOWS\ivwsm.log : ncwls (89339 bytes)
C:\WINDOWS\ivwsm.log : vkaqs (35310 bytes)
C:\WINDOWS\jelxj.dat : dlgkq (35310 bytes)
C:\WINDOWS\jelxj.dat : fcbgl (35310 bytes)
C:\WINDOWS\jelxj.dat : kxobt (89339 bytes)
C:\WINDOWS\jelxj.dat : nxkwt (35310 bytes)
C:\WINDOWS\jelxj.dat : qannc (35310 bytes)
C:\WINDOWS\jelxj.dat : qhnmk (35310 bytes)
C:\WINDOWS\jelxj.dat : ssadn (89339 bytes)
C:\WINDOWS\jepqp.log : mbyjp (35310 bytes)
C:\WINDOWS\jepqp.log : ztsrhm (0 bytes)
C:\WINDOWS\jhztx.txt : ayioe (35081 bytes)
C:\WINDOWS\jhztx.txt : bgxyd (87855 bytes)
C:\WINDOWS\jhztx.txt : dqcky (35081 bytes)
C:\WINDOWS\jhztx.txt : dxnmo (35081 bytes)
C:\WINDOWS\jhztx.txt : eekqe (35081 bytes)
C:\WINDOWS\jhztx.txt : kpfru (35081 bytes)
C:\WINDOWS\jhztx.txt : kzmxw (89339 bytes)
C:\WINDOWS\jhztx.txt : laiaw (0 bytes)
C:\WINDOWS\jhztx.txt : qndrs (0 bytes)
C:\WINDOWS\jjqwg.dat : ofoyk (89339 bytes)
C:\WINDOWS\jjqwg.dat : pfeej (35081 bytes)
C:\WINDOWS\jjqwg.dat : vysso (35310 bytes)
C:\WINDOWS\jpiee.log : czjjm (35310 bytes)
C:\WINDOWS\jpiee.log : qezvoh (35310 bytes)
C:\WINDOWS\jpzyy.dat : erggd (35081 bytes)
C:\WINDOWS\jpzyy.dat : jcqmm (87855 bytes)
C:\WINDOWS\jpzyy.dat : sllfbo (0 bytes)
C:\WINDOWS\jpzyy.dat : wmxfc (87855 bytes)
C:\WINDOWS\jpzyy.dat : xsmyxv (35081 bytes)
C:\WINDOWS\jtxag.dat : ehikf (35310 bytes)
C:\WINDOWS\jtxag.dat : xjyhg (89339 bytes)
C:\WINDOWS\jvahy.dat : alnfr (35081 bytes)
C:\WINDOWS\jvahy.dat : cldvk (35310 bytes)
C:\WINDOWS\jvahy.dat : ezdhk (89410 bytes)
C:\WINDOWS\jvahy.dat : gfeus (35081 bytes)
C:\WINDOWS\jvahy.dat : thqida (11529 bytes)
C:\WINDOWS\jvahy.dat : zulzm (89339 bytes)
C:\WINDOWS\jyrxp.log : pmvev (89339 bytes)
C:\WINDOWS\jyrxp.log : vyrmq (35310 bytes)
C:\WINDOWS\KB810217.log : atmje (87855 bytes)
C:\WINDOWS\KB810217.log : jynon (35081 bytes)
C:\WINDOWS\KB810217.log : phomx (35081 bytes)
C:\WINDOWS\KB810217.log : rvsjf (87855 bytes)
C:\WINDOWS\KB810217.log : vbpis (35310 bytes)
C:\WINDOWS\KB810217.log : wxgnr (35081 bytes)
C:\WINDOWS\KB821431.log : cyjds (35081 bytes)
C:\WINDOWS\KB821431.log : ezarz (35081 bytes)
C:\WINDOWS\KB821431.log : gwkyd (89339 bytes)
C:\WINDOWS\KB821431.log : hjgho (35081 bytes)
C:\WINDOWS\KB821431.log : ixlnr (87855 bytes)
C:\WINDOWS\KB821431.log : tbzsmq (197753 bytes)
C:\WINDOWS\KB821431.log : uogze (89339 bytes)
C:\WINDOWS\KB821431.log : zgrqy (35310 bytes)
C:\WINDOWS\KB823182.log : dibnfl (35081 bytes)
C:\WINDOWS\KB823182.log : jbpkj (87855 bytes)
C:\WINDOWS\KB823182.log : lmouk (87855 bytes)
C:\WINDOWS\KB823182.log : msrfm (87855 bytes)
C:\WINDOWS\KB823182.log : ndsgth (11758 bytes)
C:\WINDOWS\KB823182.log : pebwu (87855 bytes)
C:\WINDOWS\KB823182.log : qbchls (87855 bytes)
C:\WINDOWS\KB823182.log : uisaq (87855 bytes)
C:\WINDOWS\KB823182.log : uvbxi (35081 bytes)
C:\WINDOWS\KB823182.log : zfayy (35081 bytes)
C:\WINDOWS\KB823387.log : cceam (89385 bytes)
C:\WINDOWS\KB823387.log : ilbzd (35310 bytes)
C:\WINDOWS\KB823387.log : llsdx (87855 bytes)
C:\WINDOWS\KB824105.log : dxsxj (35081 bytes)
C:\WINDOWS\KB824105.log : dzmoe (35081 bytes)
C:\WINDOWS\KB824105.log : joorj (35081 bytes)
C:\WINDOWS\KB824105.log : mrxeu (89339 bytes)
C:\WINDOWS\KB824105.log : pbgrg (35081 bytes)
C:\WINDOWS\KB824105.log : pdbft (87855 bytes)
C:\WINDOWS\KB824105.log : qtohaf (11529 bytes)
C:\WINDOWS\KB824105.log : rhepn (35081 bytes)
C:\WINDOWS\KB824105.log : tdjpq (87855 bytes)
C:\WINDOWS\KB824105.log : tfned (35081 bytes)
C:\WINDOWS\KB824105.log : tzrpgr (197755 bytes)
C:\WINDOWS\KB824105.log : weogy (89339 bytes)
C:\WINDOWS\KB824105.log : wznha (87855 bytes)
C:\WINDOWS\KB824105.log : ylhon (87855 bytes)
C:\WINDOWS\KB824105.log : zjcrm (35081 bytes)
C:\WINDOWS\KB824105.log : zjoyf (87855 bytes)
C:\WINDOWS\KB824141.log : aedbk (87855 bytes)
C:\WINDOWS\KB824141.log : bfeyn (35081 bytes)
C:\WINDOWS\KB824141.log : lxjgg (89339 bytes)
C:\WINDOWS\KB824141.log : zccpw (87855 bytes)
C:\WINDOWS\KB824920.log : agruj (35081 bytes)
C:\WINDOWS\KB824920.log : aogor (35310 bytes)
C:\WINDOWS\KB824920.log : duxta (35081 bytes)
C:\WINDOWS\KB824920.log : hllrj (87855 bytes)
C:\WINDOWS\KB824920.log : jczfk (87855 bytes)
C:\WINDOWS\KB824920.log : oilsr (87855 bytes)
C:\WINDOWS\KB824920.log : qrbza (87855 bytes)
C:\WINDOWS\KB824920.log : tzhtu (89339 bytes)
C:\WINDOWS\KB824920.log : ussng (87855 bytes)
C:\WINDOWS\KB824920.log : voulg (87855 bytes)
C:\WINDOWS\KB824920.log : xqxmr (89385 bytes)
C:\WINDOWS\KB824920.log : xzgck (87855 bytes)
C:\WINDOWS\KB825119.log : cwvcb (35081 bytes)
C:\WINDOWS\KB825119.log : dbjsw (87855 bytes)
C:\WINDOWS\KB825119.log : egjih (89339 bytes)
C:\WINDOWS\KB825119.log : fqjsa (35310 bytes)
C:\WINDOWS\KB825119.log : jmymui (35081 bytes)
C:\WINDOWS\KB825119.log : ogdgv (89339 bytes)
C:\WINDOWS\KB825119.log : ujjpl (87855 bytes)
C:\WINDOWS\KB825119.log : xaflx (87855 bytes)
C:\WINDOWS\KB825119.log : zqjgoo (197755 bytes)
C:\WINDOWS\KB825119.log : zsvrm (87855 bytes)
C:\WINDOWS\KB826939.log : bbvcn (87855 bytes)
C:\WINDOWS\KB826939.log : fkdtm (35081 bytes)
C:\WINDOWS\KB826939.log : ivplo (87855 bytes)
C:\WINDOWS\KB826939.log : kzogn (35081 bytes)
C:\WINDOWS\KB826939.log : mtzpj (89339 bytes)
C:\WINDOWS\KB826939.log : offrd (87855 bytes)
C:\WINDOWS\KB826939.log : rqnqa (35310 bytes)
C:\WINDOWS\KB826939.log : sbdvx (87855 bytes)
C:\WINDOWS\KB826939.log : ssexg (89339 bytes)
C:\WINDOWS\KB826942.log : ishxs (87855 bytes)
C:\WINDOWS\KB826942.log : pluyi (35081 bytes)
C:\WINDOWS\KB826942.log : sgehq (35081 bytes)
C:\WINDOWS\KB826942.log : szlxc (87855 bytes)
C:\WINDOWS\KB826942.log : ucsug (35081 bytes)
C:\WINDOWS\KB826942.log : uwzys (87855 bytes)
C:\WINDOWS\KB826942.log : wfwvt (35081 bytes)
C:\WINDOWS\KB826942.log : wnzeh (35081 bytes)
C:\WINDOWS\KB826942.log : zfvib (89410 bytes)
C:\WINDOWS\KB828028.log : ewman (35081 bytes)
C:\WINDOWS\KB828028.log : gnpfn (89410 bytes)
C:\WINDOWS\KB828028.log : jpflb (87855 bytes)
C:\WINDOWS\KB828028.log : kczjb (35081 bytes)
C:\WINDOWS\KB828028.log : neplj (35081 bytes)
C:\WINDOWS\KB828028.log : ptqmb (35081 bytes)
C:\WINDOWS\KB828028.log : rkuyt (87855 bytes)
C:\WINDOWS\KB828028.log : vnoqww (0 bytes)
C:\WINDOWS\KB828028.log : xxnkf (89339 bytes)
C:\WINDOWS\KB828035.log : bzutr (87855 bytes)
C:\WINDOWS\KB828035.log : clqne (87855 bytes)
C:\WINDOWS\KB828035.log : dyhmh (35081 bytes)
C:\WINDOWS\KB828035.log : hsyrp (35081 bytes)
C:\WINDOWS\KB828035.log : kmxsmu (197753 bytes)
C:\WINDOWS\KB828035.log : psaxq (35310 bytes)
C:\WINDOWS\KB828035.log : syoqf (87855 bytes)
C:\WINDOWS\KB828035.log : ujiab (87855 bytes)
C:\WINDOWS\KB828741.log : dakdr (35310 bytes)
C:\WINDOWS\KB828741.log : ftdgu (35081 bytes)
C:\WINDOWS\KB828741.log : mqfzo (87855 bytes)
C:\WINDOWS\KB828741.log : ofvhk (87855 bytes)
C:\WINDOWS\KB828741.log : smpbg (35081 bytes)
C:\WINDOWS\KB828741.log : vcabrw (11758 bytes)
C:\WINDOWS\KB828741.log : wymrd (35310 bytes)
C:\WINDOWS\KB828741.log : xolyd (87855 bytes)
C:\WINDOWS\KB830786.log : abrng (35081 bytes)
C:\WINDOWS\KB830786.log : atekx (35081 bytes)
C:\WINDOWS\KB830786.log : dtduj (87855 bytes)
C:\WINDOWS\KB830786.log : fcuhi (35081 bytes)
C:\WINDOWS\KB830786.log : gpyeu (35081 bytes)
C:\WINDOWS\KB830786.log : ikiwn (35081 bytes)
C:\WINDOWS\KB830786.log : ktgca (35081 bytes)
C:\WINDOWS\KB830786.log : mdcyh (35081 bytes)
C:\WINDOWS\KB830786.log : ocmcs (35081 bytes)
C:\WINDOWS\KB830786.log : qwgnd (89339 bytes)
C:\WINDOWS\KB830786.log : sozzbx (35081 bytes)
C:\WINDOWS\KB830786.log : zhprj (35310 bytes)
C:\WINDOWS\KB830786.log : zjoko (35081 bytes)
C:\WINDOWS\KB832418.log : cgbtf (87855 bytes)
C:\WINDOWS\KB832418.log : cthhd (35310 bytes)
C:\WINDOWS\KB832418.log : dcggt (35081 bytes)
C:\WINDOWS\KB832418.log : ghutd (0 bytes)
C:\WINDOWS\KB832418.log : iuiet (35081 bytes)
C:\WINDOWS\KB832418.log : mdzvk (35081 bytes)
C:\WINDOWS\KB832418.log : tfxdr (35081 bytes)
C:\WINDOWS\KB832418.log : tpawl (35081 bytes)
C:\WINDOWS\KB832418.log : uhozx (89339 bytes)
C:\WINDOWS\KB832418.log : vaxge (87855 bytes)
C:\WINDOWS\KB832418.log : wvdhx (35310 bytes)
C:\WINDOWS\KB833407.log : fxcro (35081 bytes)
C:\WINDOWS\KB833407.log : hyffk (89339 bytes)
C:\WINDOWS\KB833407.log : mymyt (87855 bytes)
C:\WINDOWS\KB833407.log : sikev (87855 bytes)
C:\WINDOWS\KB833407.log : sosst (89339 bytes)
C:\WINDOWS\KB833407.log : tukqo (35081 bytes)
C:\WINDOWS\KB833407.log : uijjs (87855 bytes)
C:\WINDOWS\KB833407.log : vtoqz (35081 bytes)
C:\WINDOWS\KB833407.log : zyqcz (35081 bytes)
C:\WINDOWS\KB834707.log : cmxjq (35081 bytes)
C:\WINDOWS\KB834707.log : irqvc (35310 bytes)
C:\WINDOWS\KB834707.log : jdubg (87855 bytes)
C:\WINDOWS\KB834707.log : kzgbx (35081 bytes)
C:\WINDOWS\KB834707.log : ndsgth (35310 bytes)
C:\WINDOWS\KB834707.log : npzuc (87855 bytes)
C:\WINDOWS\KB834707.log : rgsxj (35081 bytes)
C:\WINDOWS\KB834707.log : urivx (35081 bytes)
C:\WINDOWS\KB835221.log : dzrib (35081 bytes)
C:\WINDOWS\KB835221.log : fctty (35310 bytes)
C:\WINDOWS\KB835221.log : hbgec (87855 bytes)
C:\WINDOWS\KB835221.log : liqrd (87855 bytes)
C:\WINDOWS\KB835221.log : mbxen (35081 bytes)
C:\WINDOWS\KB835732.log : nmbfa (35081 bytes)
C:\WINDOWS\KB835732.log : xrqrl (35081 bytes)
C:\WINDOWS\KB835732.log : ybqsw (87855 bytes)
C:\WINDOWS\KB835732.log : zhyah (35081 bytes)
C:\WINDOWS\KB838358.log : ctkbf (89339 bytes)
C:\WINDOWS\KB838358.log : ezmov (87855 bytes)
C:\WINDOWS\KB838358.log : fihct (89410 bytes)
C:\WINDOWS\KB838358.log : gvgfg (35081 bytes)
C:\WINDOWS\KB838358.log : iigoz (87855 bytes)
C:\WINDOWS\KB838358.log : iqoja (35081 bytes)
C:\WINDOWS\KB838358.log : rviph (87855 bytes)
C:\WINDOWS\KB838358.log : txjgz (35310 bytes)
C:\WINDOWS\KB842773.log : fkzpw (87855 bytes)
C:\WINDOWS\KB842773.log : gbazb (35081 bytes)
C:\WINDOWS\KB842773.log : lamapg (35081 bytes)
C:\WINDOWS\KB842773.log : pqkjm (87855 bytes)
C:\WINDOWS\KB842773.log : sprpp (87855 bytes)
C:\WINDOWS\KB842773.log : tdalu (87855 bytes)
C:\WINDOWS\KB842773.log : yvnia (87855 bytes)
C:\WINDOWS\KB867282.log : dpvkp (35310 bytes)
C:\WINDOWS\KB867282.log : fiemu (35081 bytes)
C:\WINDOWS\KB867282.log : fizkt (0 bytes)
C:\WINDOWS\KB867282.log : fjucp (35081 bytes)
C:\WINDOWS\KB867282.log : ghhzf (87855 bytes)
C:\WINDOWS\KB867282.log : gikupw (89339 bytes)
C:\WINDOWS\KB867282.log : hsads (87855 bytes)
C:\WINDOWS\KB867282.log : pjdkb (87855 bytes)
C:\WINDOWS\KB867282.log : pslqc (87855 bytes)
C:\WINDOWS\KB867282.log : sziqg (35310 bytes)
C:\WINDOWS\KB867282.log : tklvc (87855 bytes)
C:\WINDOWS\KB867282.log : wabcn (88965 bytes)
C:\WINDOWS\KB873333.log : ggdjq (87855 bytes)
C:\WINDOWS\KB873333.log : mnwoz (87855 bytes)
C:\WINDOWS\KB873333.log : ohcqk (87855 bytes)
C:\WINDOWS\KB873333.log : oqtbm (87855 bytes)
C:\WINDOWS\KB873333.log : wzxiq (35081 bytes)
C:\WINDOWS\KB873339.log : kstwn (89339 bytes)
C:\WINDOWS\KB873339.log : numqc (87855 bytes)
C:\WINDOWS\KB873339.log : omxci (89339 bytes)
C:\WINDOWS\KB873339.log : scstv (87855 bytes)
C:\WINDOWS\KB873339.log : texmc (35081 bytes)
C:\WINDOWS\KB873339.log : tindf (89339 bytes)
C:\WINDOWS\KB873339.log : ukkro (89339 bytes)
C:\WINDOWS\KB873339.log : vhmkr (87855 bytes)
C:\WINDOWS\KB873339.log : wjbkz (35081 bytes)
C:\WINDOWS\KB873339.log : xlrbg (87855 bytes)
C:\WINDOWS\KB873339.log : yfmcb (87855 bytes)
C:\WINDOWS\KB873339.log : yrkny (35081 bytes)
C:\WINDOWS\KB883939.log : jvbll (35310 bytes)
C:\WINDOWS\KB883939.log : sdjxz (35081 bytes)
C:\WINDOWS\KB883939.log : uanxg (87855 bytes)
C:\WINDOWS\KB883939.log : ueonq (87855 bytes)
C:\WINDOWS\KB883939.log : ufpdw (87855 bytes)
C:\WINDOWS\KB885250.log : cstga (89410 bytes)
C:\WINDOWS\KB885250.log : eisum (87855 bytes)
C:\WINDOWS\KB885250.log : gjesc (89339 bytes)
C:\WINDOWS\KB885250.log : joapq (89339 bytes)
C:\WINDOWS\KB885250.log : kabpw (87855 bytes)
C:\WINDOWS\KB885250.log : khrst (87855 bytes)
C:\WINDOWS\KB885250.log : lphtp (87855 bytes)
C:\WINDOWS\KB885250.log : nuvub (35081 bytes)
C:\WINDOWS\KB885250.log : pbxhs (35081 bytes)
C:\WINDOWS\KB885250.log : rhvxkz (35081 bytes)
C:\WINDOWS\KB885250.log : tjkzw (35081 bytes)
C:\WINDOWS\KB885250.log : xvvon (87855 bytes)
C:\WINDOWS\KB885835.log : ajnui (35081 bytes)
C:\WINDOWS\KB885835.log : dqcil (35081 bytes)
C:\WINDOWS\KB885835.log : ijsnp (35081 bytes)
C:\WINDOWS\KB885835.log : izwgx (87855 bytes)
C:\WINDOWS\KB885835.log : qwruj (87855 bytes)
C:\WINDOWS\KB885835.log : uplad (35081 bytes)
C:\WINDOWS\KB885835.log : wlzgd (89339 bytes)
C:\WINDOWS\KB885836.log : algdy (35081 bytes)
C:\WINDOWS\KB885836.log : atoaz (35081 bytes)
C:\WINDOWS\KB885836.log : bwybx (35081 bytes)
C:\WINDOWS\KB885836.log : eedeq (35081 bytes)
C:\WINDOWS\KB885836.log : hcenj (35081 bytes)
C:\WINDOWS\KB885836.log : ilcik (35081 bytes)
C:\WINDOWS\KB885836.log : lrqqh (87855 bytes)
C:\WINDOWS\KB885884.log : ceuwj (87855 bytes)
C:\WINDOWS\KB885884.log : jhgcn (35081 bytes)
C:\WINDOWS\KB885884.log : jiakk (89339 bytes)
C:\WINDOWS\KB885884.log : jsmra (89339 bytes)
C:\WINDOWS\KB885884.log : rikkb (35081 bytes)
C:\WINDOWS\KB885884.log : smdwp (35081 bytes)
C:\WINDOWS\KB885884.log : xoiyw (35081 bytes)
C:\WINDOWS\KB885884.log : zreui (35081 bytes)
C:\WINDOWS\KB886185.log : carfl (87855 bytes)
C:\WINDOWS\KB886185.log : ddddr (35081 bytes)
C:\WINDOWS\KB886185.log : dnfar (89339 bytes)
C:\WINDOWS\KB886185.log : ebyoc (35310 bytes)
C:\WINDOWS\KB886185.log : fmnjk (35310 bytes)
C:\WINDOWS\KB886185.log : gjydn (35081 bytes)
C:\WINDOWS\KB886185.log : imulc (35081 bytes)
C:\WINDOWS\KB886185.log : prehu (87855 bytes)
C:\WINDOWS\KB886185.log : vokzu (87855 bytes)
C:\WINDOWS\KB886185.log : yvpbz (35081 bytes)
C:\WINDOWS\KB886185.log : zifbg (35081 bytes)
C:\WINDOWS\KB886185.log : zojne (35310 bytes)
C:\WINDOWS\KB887472.log : fcqqd (35081 bytes)
C:\WINDOWS\KB887472.log : fgaco (87855 bytes)
C:\WINDOWS\KB887472.log : gyapi (87855 bytes)
C:\WINDOWS\KB887472.log : hnwgfc (11537 bytes)
C:\WINDOWS\KB887472.log : jgxux (35081 bytes)
C:\WINDOWS\KB887472.log : nuepj (35310 bytes)
C:\WINDOWS\KB887472.log : sfcxa (87855 bytes)
C:\WINDOWS\KB887472.log : uqwbb (87855 bytes)
C:\WINDOWS\KB887742.log : fxzgm (35081 bytes)
C:\WINDOWS\KB887742.log : hpkeq (89339 bytes)
C:\WINDOWS\KB887742.log : meqpn (87855 bytes)
C:\WINDOWS\KB887742.log : rlplq (35310 bytes)
C:\WINDOWS\KB887742.log : uqezm (35310 bytes)
C:\WINDOWS\KB887998.log : apvef (35081 bytes)
C:\WINDOWS\KB887998.log : fuwrw (35081 bytes)
C:\WINDOWS\KB887998.log : gmcrz (35310 bytes)
C:\WINDOWS\KB887998.log : ixyhk (35081 bytes)
C:\WINDOWS\KB887998.log : nhdrb (87855 bytes)
C:\WINDOWS\KB887998.log : odrvr (89410 bytes)
C:\WINDOWS\KB887998.log : pjdej (35081 bytes)
C:\WINDOWS\KB887998.log : scfpdg (87855 bytes)
C:\WINDOWS\KB887998.log : tshzt (35081 bytes)
C:\WINDOWS\KB887998.log : vivdq (35081 bytes)
C:\WINDOWS\KB887998.log : vtmas (35081 bytes)
C:\WINDOWS\KB887998.log : wjkdm (35081 bytes)
C:\WINDOWS\KB888113.log : gdadio (197753 bytes)
C:\WINDOWS\KB888113.log : hgnge (89385 bytes)
C:\WINDOWS\KB888113.log : hupes (35081 bytes)
C:\WINDOWS\KB888113.log : ipvud (35081 bytes)
C:\WINDOWS\KB888113.log : tqwoe (87855 bytes)
C:\WINDOWS\KB888302.log : fxygf (35081 bytes)
C:\WINDOWS\KB888302.log : ikljq (87855 bytes)
C:\WINDOWS\KB888302.log : oevuw (87855 bytes)
C:\WINDOWS\KB888302.log : sltab (89339 bytes)
C:\WINDOWS\KB888302.log : wkbjd (35081 bytes)
C:\WINDOWS\KB890046.log : awtci (87855 bytes)
C:\WINDOWS\KB890046.log : efteu (87855 bytes)
C:\WINDOWS\KB890046.log : ffntf (87855 bytes)
C:\WINDOWS\KB890046.log : hmwfv (87855 bytes)
C:\WINDOWS\KB890046.log : hqrmp (87855 bytes)
C:\WINDOWS\KB890046.log : nccxa (35081 bytes)
C:\WINDOWS\KB890046.log : ujlvg (35310 bytes)
C:\WINDOWS\KB890046.log : utxkw (35310 bytes)
C:\WINDOWS\KB890047.log : ashzr (35081 bytes)
C:\WINDOWS\KB890047.log : frzux (35081 bytes)
C:\WINDOWS\KB890047.log : gqorq (35081 bytes)
C:\WINDOWS\KB890047.log : hjzms (87855 bytes)
C:\WINDOWS\KB890047.log : nadhd (87855 bytes)
C:\WINDOWS\KB890047.log : nvfha (87855 bytes)
C:\WINDOWS\KB890047.log : qhlud (35081 bytes)
C:\WINDOWS\KB890047.log : qjrws (87855 bytes)
C:\WINDOWS\KB890047.log : rjcak (87855 bytes)
C:\WINDOWS\KB890047.log : vbjdo (87855 bytes)
C:\WINDOWS\KB890047.log : xkmmb (87855 bytes)
C:\WINDOWS\KB890175.log : oscld (87855 bytes)
C:\WINDOWS\KB890175.log : vgfio (35081 bytes)
C:\WINDOWS\KB890175.log : xoohw (89385 bytes)
C:\WINDOWS\KB890175.log : zgkepv (197755 bytes)
C:\WINDOWS\KB890859.log : cegmx (89339 bytes)
C:\WINDOWS\KB890859.log : pcpjp (89339 bytes)
C:\WINDOWS\KB890859.log : srvpn (0 bytes)
C:\WINDOWS\KB890859.log : xfthk (35081 bytes)
C:\WINDOWS\KB890859.log : yaoby (35081 bytes)
C:\WINDOWS\KB890859.log : ywuno (35081 bytes)
C:\WINDOWS\KB890859.log : zgsqb (87855 bytes)
C:\WINDOWS\KB890923.log : eexxb (87855 bytes)
C:\WINDOWS\KB890923.log : jnfus (89339 bytes)
C:\WINDOWS\KB890923.log : qdrgm (89410 bytes)
C:\WINDOWS\KB890923.log : siyrb (35081 bytes)
C:\WINDOWS\KB890923.log : wkzya (35081 bytes)
C:\WINDOWS\KB890923.log : ypbyi (35310 bytes)
C:\WINDOWS\KB891781.log : jzirl (87855 bytes)
C:\WINDOWS\KB891781.log : xzsjt (35081 bytes)
C:\WINDOWS\KB893066.log : dmelx (35310 bytes)
C:\WINDOWS\KB893066.log : finow (89410 bytes)
C:\WINDOWS\KB893066.log : hhepq (35081 bytes)
C:\WINDOWS\KB893066.log : lewbn (35081 bytes)
C:\WINDOWS\KB893066.log : lxwne (35081 bytes)
C:\WINDOWS\KB893066.log : sgays (35081 bytes)
C:\WINDOWS\KB893086.log : ahinc (89339 bytes)
C:\WINDOWS\KB893086.log : aluoo (35081 bytes)
C:\WINDOWS\KB893086.log : beksx (89339 bytes)
C:\WINDOWS\KB893086.log : bthvf (87855 bytes)
C:\WINDOWS\KB893086.log : fdtaa (89339 bytes)
C:\WINDOWS\KB893086.log : gdnvk (35081 bytes)
C:\WINDOWS\KB893086.log : geuni (87855 bytes)
C:\WINDOWS\KB893086.log : ilpey (35081 bytes)
C:\WINDOWS\KB893086.log : mkysi (87855 bytes)
C:\WINDOWS\KB893086.log : ozrnn (87855 bytes)
C:\WINDOWS\KB893086.log : qhyeb (35081 bytes)
C:\WINDOWS\KB893086.log : rkceo (35081 bytes)
C:\WINDOWS\KB893086.log : sscel (35081 bytes)
C:\WINDOWS\KB893086.log : yojaw (35081 bytes)
C:\WINDOWS\KB893756.log : mrikq (87855 bytes)
C:\WINDOWS\KB893756.log : reiajs (197755 bytes)
C:\WINDOWS\KB893756.log : ycgsz (35310 bytes)
C:\WINDOWS\KB893803.log : ckflg (35081 bytes)
C:\WINDOWS\KB893803.log : ipart (35081 bytes)
C:\WINDOWS\KB893803.log : suvsw (87855 bytes)
C:\WINDOWS\KB893803.log : ztnwa (35081 bytes)
C:\WINDOWS\KB893803v2.log : aetcm (35310 bytes)
C:\WINDOWS\KB893803v2.log : bxuzj (35081 bytes)
C:\WINDOWS\KB893803v2.log : fyjwt (35310 bytes)
C:\WINDOWS\KB893803v2.log : hizkm (89339 bytes)
C:\WINDOWS\KB893803v2.log : iacyi (87855 bytes)
C:\WINDOWS\KB893803v2.log : kavjx (35081 bytes)
C:\WINDOWS\KB893803v2.log : mzygn (87855 bytes)
C:\WINDOWS\KB893803v2.log : ohija (87855 bytes)
C:\WINDOWS\KB893803v2.log : uvoxr (87855 bytes)
C:\WINDOWS\KB894391.log : fuluw (89339 bytes)
C:\WINDOWS\KB894391.log : ubmjh (35081 bytes)
C:\WINDOWS\KB894391.log : ujkod (87855 bytes)
C:\WINDOWS\KB894391.log : uoinp (35310 bytes)
C:\WINDOWS\KB894391.log : yoloz (87855 bytes)
C:\WINDOWS\KB896358.log : dllfpm (35081 bytes)
C:\WINDOWS\KB896358.log : hojli (87855 bytes)
C:\WINDOWS\KB896358.log : hydys (87855 bytes)
C:\WINDOWS\KB896358.log : izymj (87855 bytes)
C:\WINDOWS\KB896358.log : rjhgz (87855 bytes)
C:\WINDOWS\KB896358.log : wahin (87855 bytes)
C:\WINDOWS\KB896358.log : wkbac (87855 bytes)
C:\WINDOWS\KB896358.log : yiyev (89339 bytes)
C:\WINDOWS\KB896422.log : ibqhs (35081 bytes)
C:\WINDOWS\KB896422.log : lilyy (35310 bytes)
C:\WINDOWS\KB896422.log : lqixc (89339 bytes)
C:\WINDOWS\KB896422.log : oillz (89339 bytes)
C:\WINDOWS\KB896422.log : pgiqy (35081 bytes)
C:\WINDOWS\KB896422.log : pygwb (87855 bytes)
C:\WINDOWS\KB896422.log : qewsx (35310 bytes)
C:\WINDOWS\KB896422.log : scmkn (87855 bytes)
C:\WINDOWS\KB896422.log : yauyk (35081 bytes)
C:\WINDOWS\KB896423.log : ahtyr (87855 bytes)
C:\WINDOWS\KB896423.log : bvrkv (87855 bytes)
C:\WINDOWS\KB896423.log : gwtab (89339 bytes)
C:\WINDOWS\KB896423.log : mfwct (35310 bytes)
C:\WINDOWS\KB896423.log : mwrfm (89339 bytes)
C:\WINDOWS\KB896423.log : xmble (35081 bytes)
C:\WINDOWS\KB896423.log : xslvm (35081 bytes)
C:\WINDOWS\KB896428.log : kmykn (89339 bytes)
C:\WINDOWS\KB896428.log : nuvaz (87855 bytes)
C:\WINDOWS\KB896428.log : nzsyx (89339 bytes)
C:\WINDOWS\KB896428.log : rklmn (89339 bytes)
C:\WINDOWS\KB896428.log : ropuid (197755 bytes)
C:\WINDOWS\KB896428.log : wxvmk (87855 bytes)
C:\WINDOWS\KB896727.log : dwyds (35081 bytes)
C:\WINDOWS\KB896727.log : rlwcb (87855 bytes)
C:\WINDOWS\KB896727.log : skkui (35310 bytes)
C:\WINDOWS\KB896727.log : susbm (89339 bytes)
C:\WINDOWS\KB896727.log : ziluw (35081 bytes)
C:\WINDOWS\KB896727.log : zyrpb (87855 bytes)
C:\WINDOWS\KB898458.log : fcnya (35081 bytes)
C:\WINDOWS\KB898458.log : forhn (35081 bytes)
C:\WINDOWS\KB898458.log : ilzkh (87855 bytes)
C:\WINDOWS\KB898458.log : irayj (87855 bytes)
C:\WINDOWS\KB898458.log : musob (35081 bytes)
C:\WINDOWS\KB898458.log : rffxe (35081 bytes)
C:\WINDOWS\KB898458.log : tcfqe (35081 bytes)
C:\WINDOWS\KB898458.log : woogk (89339 bytes)
C:\WINDOWS\KB898458.log : xabrb (35081 bytes)
C:\WINDOWS\KB898461.log : gjfob (87855 bytes)
C:\WINDOWS\KB898461.log : jhohw (35081 bytes)
C:\WINDOWS\KB898461.log : kiuve (35081 bytes)
C:\WINDOWS\KB898461.log : kmqnj (87855 bytes)
C:\WINDOWS\KB898461.log : nivoi (87855 bytes)
C:\WINDOWS\KB898461.log : qwoes (35310 bytes)
C:\WINDOWS\KB898461.log : qwoesy (35310 bytes)
C:\WINDOWS\KB898461.log : twcppz (11758 bytes)
C:\WINDOWS\KB898461.log : uksyv (35081 bytes)
C:\WINDOWS\KB899587.log : jkbpj (35310 bytes)
C:\WINDOWS\KB899587.log : ouack (89410 bytes)
C:\WINDOWS\KB899587.log : sajef (35081 bytes)
C:\WINDOWS\KB899587.log : wrtpy (0 bytes)
C:\WINDOWS\KB899587.log : xzhux (89410 bytes)
C:\WINDOWS\KB899587.log : yexfe (87855 bytes)
C:\WINDOWS\KB899587.log : zjwvv (35310 bytes)
C:\WINDOWS\KB899587.log : zlety (35081 bytes)
C:\WINDOWS\KB899588.log : azjpx (35081 bytes)
C:\WINDOWS\KB899588.log : cebds (87855 bytes)
C:\WINDOWS\KB899588.log : drjty (89339 bytes)
C:\WINDOWS\KB899588.log : dscvq (89410 bytes)
C:\WINDOWS\KB899588.log : gobgv (87855 bytes)
C:\WINDOWS\KB899588.log : qmwly (89410 bytes)
C:\WINDOWS\KB899591.log : bjdet (87855 bytes)
C:\WINDOWS\KB899591.log : gizcq (87855 bytes)
C:\WINDOWS\KB899591.log : lbwjn (35081 bytes)
C:\WINDOWS\KB899591.log : mxuvs (35310 bytes)
C:\WINDOWS\KB899591.log : mxuvsb (35310 bytes)
C:\WINDOWS\KB899591.log : ntgfv (87855 bytes)
C:\WINDOWS\KB899591.log : owagy (89339 bytes)
C:\WINDOWS\KB899591.log : rxesy (35310 bytes)
C:\WINDOWS\KB899591.log : vojuj (35310 bytes)
C:\WINDOWS\KB899591.log : xtdjt (35310 bytes)
C:\WINDOWS\KB899591.log : xxdyi (0 bytes)
C:\WINDOWS\KB901214.log : cnvui (35310 bytes)
C:\WINDOWS\KB901214.log : dnjie (89339 bytes)
C:\WINDOWS\KB901214.log : eoiisa (11819 bytes)
C:\WINDOWS\KB901214.log : iiaae (89385 bytes)
C:\WINDOWS\KB901214.log : kzcax (35081 bytes)
C:\WINDOWS\KB901214.log : uizlr (89339 bytes)
C:\WINDOWS\KB901214.log : uloej (35310 bytes)
C:\WINDOWS\KB901214.log : xvgtv (35081 bytes)
C:\WINDOWS\KB901214.log : zygfh (35081 bytes)
C:\WINDOWS\KB903235.log : cxvcu (87855 bytes)
C:\WINDOWS\KB903235.log : jatuv (87855 bytes)
C:\WINDOWS\KB903235.log : lwqhk (87855 bytes)
C:\WINDOWS\KB903235.log : neied (89410 bytes)
C:\WINDOWS\KB903235.log : ssgjgl (11529 bytes)
C:\WINDOWS\KB903235.log : ufzvx (35081 bytes)
C:\WINDOWS\kioit.log : gsgff (89339 bytes)
C:\WINDOWS\kioit.log : hqrqg (35310 bytes)
C:\WINDOWS\kioit.log : lsdqf (35081 bytes)
C:\WINDOWS\kioit.log : sktmd (87855 bytes)
C:\WINDOWS\kioit.log : tncce (35081 bytes)
C:\WINDOWS\kioit.log : zekxx (87855 bytes)
C:\WINDOWS\kjfld.log : tzjzv (89339 bytes)
C:\WINDOWS\kjfld.log : tzjzvk (12186 bytes)
C:\WINDOWS\knfcw.log : ackaf (87855 bytes)
C:\WINDOWS\knfcw.log : hbsft (35081 bytes)
C:\WINDOWS\knfcw.log : rkihx (35081 bytes)
C:\WINDOWS\knfcw.log : yjyhe (35081 bytes)
C:\WINDOWS\knfcw.log : ywcco (87855 bytes)
C:\WINDOWS\kusbb.txt : axbxn (87855 bytes)
C:\WINDOWS\kusbb.txt : bnzev (35081 bytes)
C:\WINDOWS\kusbb.txt : ddpdj (35081 bytes)
C:\WINDOWS\kusbb.txt : gm

#12
Rawe

Posted 27 August 2005 - 01:31 AM

Visiting Staff

Member
4,746 posts

Ok, let's run About:buster with the same instructions as earlier..

Download about:buster by RubbeRDuckY Here.

Save thi file somewhere you will remember like to the Desktop.

Update About:Buster

Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "OK" at the prompt with instructions.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist please download them by clicking "Download Update" then click the X to close that window.
Now close About:Buster

Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shutdown explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end.

Reboot into normal mode and post the About:Buster log here along with a fresh HiJackThis log.

- Rawe :tazz:

#13
burge1779

Posted 27 August 2005 - 05:27 AM

Member

Topic Starter
Member
22 posts

AboutBuster 5.0 reference file 31
Scan started on [8/23/2005] at [6:23:02 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\aixse.txt:hbbsr
Removed Stream! C:\WINDOWS\auigv.log:lsemfl
Removed Stream! C:\WINDOWS\bootstat.dat:hnlagg
Removed Stream! C:\WINDOWS\cmsetacl.log:kqhqwd
Removed Stream! C:\WINDOWS\cnats.dat:vngjz
Removed Stream! C:\WINDOWS\COM+.log:ucitr
Removed Stream! C:\WINDOWS\CTDV10K2.CDF:ghjcv
Removed Stream! C:\WINDOWS\DHCPUPG.LOG:pbtawc
Removed Stream! C:\WINDOWS\DirectX.log:ricjx
Removed Stream! C:\WINDOWS\dvkbp.dat:sybrt
Removed Stream! C:\WINDOWS\exdfp.log:wkjtmu
Removed Stream! C:\WINDOWS\FaxSetup.log:iegfk
Removed Stream! C:\WINDOWS\Finding Nemo.scr:suflto
Removed Stream! C:\WINDOWS\GEARInstall.log:heulao
Removed Stream! C:\WINDOWS\GEARInstall.log:houblk
Removed Stream! C:\WINDOWS\Greenstone.bmp:refqcr
Removed Stream! C:\WINDOWS\hphmdl01.dat:sqxthx
Removed Stream! C:\WINDOWS\hpimdl01.dat:vtjbfw
Removed Stream! C:\WINDOWS\hpimdl01.dat.temp:krpzci
Removed Stream! C:\WINDOWS\hpoins03.dat:ixowvc
Removed Stream! C:\WINDOWS\hpqins01.dat:kosfgn
Removed Stream! C:\WINDOWS\hpqins01.dat:zioxl
Removed Stream! C:\WINDOWS\hpzmdl01.dat:scbiw
Removed Stream! C:\WINDOWS\hydys.dat:hrkmm
Removed Stream! C:\WINDOWS\Iedit.INI:qiwzpd
Removed Stream! C:\WINDOWS\Iedit.INI:sahkoi
Removed Stream! C:\WINDOWS\itvpj.txt:vckvkd
Removed Stream! C:\WINDOWS\jhztx.txt:makuib
Removed Stream! C:\WINDOWS\jtxag.dat:erdoxs
Removed Stream! C:\WINDOWS\jvahy.dat:eachcm
Removed Stream! C:\WINDOWS\jvahy.dat:ndcief
Removed Stream! C:\WINDOWS\KB810217.log:xsnbrc
Removed Stream! C:\WINDOWS\KB821431.log:byhjmg
Removed Stream! C:\WINDOWS\KB823182.log:nqodxl
Removed Stream! C:\WINDOWS\KB823387.log:ptghtn
Removed Stream! C:\WINDOWS\KB824105.log:lcsxgb
Removed Stream! C:\WINDOWS\KB824105.log:pqzaue
Removed Stream! C:\WINDOWS\KB826939.log:almmkj
Removed Stream! C:\WINDOWS\KB826939.log:ddccil
Removed Stream! C:\WINDOWS\KB828028.log:srclqr
Removed Stream! C:\WINDOWS\KB830786.log:ksvykb
Removed Stream! C:\WINDOWS\KB832418.log:cnpfgw
Removed Stream! C:\WINDOWS\KB835221.log:voikih
Removed Stream! C:\WINDOWS\KB885835.log:xwldzq
Removed Stream! C:\WINDOWS\KB885836.log:wtmlw
Removed Stream! C:\WINDOWS\KB887742.log:oeglsa
Removed Stream! C:\WINDOWS\KB888113.log:mgoqw
Removed Stream! C:\WINDOWS\KB891781.log:sgcjjx
Removed Stream! C:\WINDOWS\KB891781.log:zeyvph
Removed Stream! C:\WINDOWS\KB893803.log:khvolh
Removed Stream! C:\WINDOWS\KB894391.log:kfbglu
Removed Stream! C:\WINDOWS\KB896358.log:znxpnb
Removed Stream! C:\WINDOWS\KB896428.log:cgtlff
Removed Stream! C:\WINDOWS\KB898461.log:jpihcn
Removed Stream! C:\WINDOWS\KB899591.log:cisney
Removed Stream! C:\WINDOWS\kusbb.txt:scfpdg
Removed Stream! C:\WINDOWS\kvzrf.txt:xyxngw
Removed Stream! C:\WINDOWS\lnfnm.dat:hzjycj
Removed Stream! C:\WINDOWS\LUINSTALL.LOG:astdet
Removed Stream! C:\WINDOWS\lzsyz.log:wwbftd
Removed Stream! C:\WINDOWS\miqvk.log:yeifk
Removed Stream! C:\WINDOWS\msdfmap.ini:ghmpx
Removed Stream! C:\WINDOWS\msmqinst.log:skiusa
Removed Stream! C:\WINDOWS\npbam.log:gifrga
Removed Stream! C:\WINDOWS\nsw.log:vcheyk
Removed Stream! C:\WINDOWS\ntdtcsetup.log:zjpwal
Removed Stream! C:\WINDOWS\OEWABLog.txt:kkahwy
Removed Stream! C:\WINDOWS\pkbcn.txt:irmwv
Removed Stream! C:\WINDOWS\Q327979.log:zztjn
Removed Stream! C:\WINDOWS\Q329112.log:mzjdcu
Removed Stream! C:\WINDOWS\q329256.log:tuyafu
Removed Stream! C:\WINDOWS\Q331958.log:zsvmg
Removed Stream! C:\WINDOWS\Q811789.log:eojsbh
Removed Stream! C:\WINDOWS\Q814995.log:pcfbbs
Removed Stream! C:\WINDOWS\Q817287.log:xpuyws
Removed Stream! C:\WINDOWS\Q822688.log:icqgvc
Removed Stream! C:\WINDOWS\qlfdx.txt:ionnbg
Removed Stream! C:\WINDOWS\rbfmm.txt:lqqgxs
Removed Stream! C:\WINDOWS\revah.dat:eqjlrd
Removed Stream! C:\WINDOWS\SBWIN.INI:dqlnkq
Removed Stream! C:\WINDOWS\setuperr.log:oswfhd
Removed Stream! C:\WINDOWS\setuplog.txt:llfgl
Removed Stream! C:\WINDOWS\sntgl.txt:bvfrh
Removed Stream! C:\WINDOWS\svcpack.log:ufsimb
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:ajlvll
Removed Stream! C:\WINDOWS\system.ini:uhncxx
Removed Stream! C:\WINDOWS\tniot.txt:fgvajo
Removed Stream! C:\WINDOWS\tniot.txt:rtynxi
Removed Stream! C:\WINDOWS\tsoc.log:fjqvuk
Removed Stream! C:\WINDOWS\tuyaf.dat:xhngdy
Removed Stream! C:\WINDOWS\uciwj.dat:yjjaov
Removed Stream! C:\WINDOWS\updspapi.log:cuqsas
Removed Stream! C:\WINDOWS\UPGRADE.TXT:lloozg
Removed Stream! C:\WINDOWS\vb.ini:jtnrfv
Removed Stream! C:\WINDOWS\vbaddin.ini:unbgud
Removed Stream! C:\WINDOWS\vjgqv.log:lsnkfp
Removed Stream! C:\WINDOWS\vmuninst.log:vbqvk
Removed Stream! C:\WINDOWS\vvqom.log:lgawup
Removed Stream! C:\WINDOWS\wiaservc.log:umzjbi
Removed Stream! C:\WINDOWS\win.ini:kxicld
Removed Stream! C:\WINDOWS\win.ini:ouiiwm
Removed Stream! C:\WINDOWS\WindowsUpdate.log:mlsgw
Removed Stream! C:\WINDOWS\WINNT32.LOG:vqtvhq
Removed Stream! C:\WINDOWS\winsx.inf:xtspp
Removed Stream! C:\WINDOWS\wmsetup10.log:greaba
Removed Stream! C:\WINDOWS\wsdu.log:hmynul
Removed Stream! C:\WINDOWS\xcozo.dat:qwnvwm
Removed Stream! C:\WINDOWS\xwnab.txt:coypqh
Removed Stream! C:\WINDOWS\Zapotec.bmp:snbgqy
------------------------------------------------
Removed File! : C:\Windows\bflsk.dat
Removed File! : C:\Windows\cnats.dat
Removed File! : C:\Windows\drpvo.dat
Removed File! : C:\Windows\hvzgv.dat
Removed File! : C:\Windows\inlxw.dat
Removed File! : C:\Windows\jtxag.dat
Removed File! : C:\Windows\karqr.dat
Removed File! : C:\Windows\nfuxs.dat
Removed File! : C:\Windows\ngkpi.dat
Removed File! : C:\Windows\qqkao.dat
Removed File! : C:\Windows\rnwdy.dat
Removed File! : C:\Windows\sprub.dll
Removed File! : C:\Windows\tuyaf.dat
Removed File! : C:\Windows\tykdn.dat
Removed File! : C:\Windows\udqfa.dat
Removed File! : C:\Windows\zccpw.dat
Removed File! : C:\Windows\zzkuc.dat
Removed File! : C:\Windows\System32\ahzzc.dat
Removed File! : C:\Windows\System32\aofmu.dat
Removed File! : C:\Windows\System32\bcqro.dat
Removed File! : C:\Windows\System32\byhjm.dat
Removed File! : C:\Windows\System32\ddqxq.dat
Removed File! : C:\Windows\System32\djndt.dat
Removed File! : C:\Windows\System32\dyhbq.dat
Removed File! : C:\Windows\System32\dzrem.dat
Removed File! : C:\Windows\System32\fknwp.dat
Removed File! : C:\Windows\System32\jsapw.dat
Removed File! : C:\Windows\System32\lwerk.dat
Removed File! : C:\Windows\System32\mldpm.dat
Removed File! : C:\Windows\System32\myhvz.dat
Removed File! : C:\Windows\System32\pggjd.dat
Removed File! : C:\Windows\System32\poskv.dat
Removed File! : C:\Windows\System32\puuzs.dat
Removed File! : C:\Windows\System32\svpps.dat
Removed File! : C:\Windows\System32\takdg.dat
Removed File! : C:\Windows\System32\uskfo.dat
Removed File! : C:\Windows\System32\vinzp.dat
Removed File! : C:\Windows\System32\yjfqm.dat
Removed File! : C:\Windows\System32\ytvtg.dat
Removed File! : C:\Windows\System32\yxoet.dat
Removed File! : C:\Windows\System32\zlfdb.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:24:13 PM

AboutBuster 5.0 reference file 31
Scan started on [8/23/2005] at [6:26:43 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\COM+.log:uqadzo
Removed Stream! C:\WINDOWS\KB885836.log:xvkjh
Removed Stream! C:\WINDOWS\sntgl.txt:htgljn
Removed Stream! C:\WINDOWS\UPGRADE.TXT:tfirrn
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:27:44 PM

AboutBuster 5.0 reference file 31
Scan started on [8/27/2005] at [6:16:55 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\AC3API.INI:xrwhb
Removed Stream! C:\WINDOWS\aixse.txt:bbndp
Removed Stream! C:\WINDOWS\aucfg.ini:xgohi
Removed Stream! C:\WINDOWS\AuHCcup1.ini:yvkro
Removed Stream! C:\WINDOWS\bouvi.txt:eyqgj
Removed Stream! C:\WINDOWS\bxexc.dat:uuenmc
Removed Stream! C:\WINDOWS\cfqnd.log:mknbe
Removed Stream! C:\WINDOWS\drmyg.txt:drkxjp
Removed Stream! C:\WINDOWS\DtcInstall.log:rsgnl
Removed Stream! C:\WINDOWS\dvkbp.dat:ddrka
Removed Stream! C:\WINDOWS\eimve.log:zgkzbu
Removed Stream! C:\WINDOWS\FaxSetup.log:lgwof
Removed Stream! C:\WINDOWS\GEARInstall.log:zzixgv
Removed Stream! C:\WINDOWS\hpdins01.dat:ytvxxh
Removed Stream! C:\WINDOWS\hpimdl01.dat.temp:jkowua
Removed Stream! C:\WINDOWS\hpomdl03.dat:juyhuu
Removed Stream! C:\WINDOWS\hrkuo.log:cnqnoe
Removed Stream! C:\WINDOWS\hteto.log:udsoqv
Removed Stream! C:\WINDOWS\igjaw.txt:nekusx
Removed Stream! C:\WINDOWS\inlxw.dat:laljo
Removed Stream! C:\WINDOWS\iskps.log:fvdse
Removed Stream! C:\WINDOWS\ivwsm.log:hsimeb
Removed Stream! C:\WINDOWS\izzsj.dat:lkdnpm
Removed Stream! C:\WINDOWS\jepqp.log:ztsrhm
Removed Stream! C:\WINDOWS\jhztx.txt:laiaw
Removed Stream! C:\WINDOWS\jpzyy.dat:sllfbo
Removed Stream! C:\WINDOWS\KB828028.log:vnoqww
Removed Stream! C:\WINDOWS\KB832418.log:ghutd
Removed Stream! C:\WINDOWS\KB867282.log:fizkt
Removed Stream! C:\WINDOWS\KB890859.log:srvpn
Removed Stream! C:\WINDOWS\KB896358.log:jyjyfj
Removed Stream! C:\WINDOWS\KB899587.log:wrtpy
Removed Stream! C:\WINDOWS\KB899591.log:xxdyi
Removed Stream! C:\WINDOWS\mozver.dat:ilwwe
Removed Stream! C:\WINDOWS\mzgft.log:iwldog
Removed Stream! C:\WINDOWS\nsw.log:mogop
Removed Stream! C:\WINDOWS\ODBC.INI:jjwfob
Removed Stream! C:\WINDOWS\orun32.ini:ilmag
Removed Stream! C:\WINDOWS\Q327979.log:ltulm
Removed Stream! C:\WINDOWS\Q329112.log:imnar
Removed Stream! C:\WINDOWS\rlxiv.dat:mthvl
Removed Stream! C:\WINDOWS\setuperr.log:joxkho
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:upaudb
Removed Stream! C:\WINDOWS\Sti_Trace.log:ztjnbu
Removed Stream! C:\WINDOWS\surmd.txt:mqtagm
Removed Stream! C:\WINDOWS\tabletoc.log:hazqkf
Removed Stream! C:\WINDOWS\tkrpz.dat:vlpaop
Removed Stream! C:\WINDOWS\tlvio.txt:ofzfi
Removed Stream! C:\WINDOWS\tniot.txt:ekqglo
Removed Stream! C:\WINDOWS\tpajl.dat:twowm
Removed Stream! C:\WINDOWS\vmuninst.log:tsdtjp
Removed Stream! C:\WINDOWS\vsypw.dat:ltwgms
Removed Stream! C:\WINDOWS\wininit.ini:qnpkv
Removed Stream! C:\WINDOWS\wmsetup.log:nkuui
Removed Stream! C:\WINDOWS\xcozo.dat:bfxio
Removed Stream! C:\WINDOWS\xfowb.txt:bbfzuf
Removed Stream! C:\WINDOWS\zcnpw.txt:dxqnj
------------------------------------------------
Removed File! : C:\Windows\apzcc.dll
Removed File! : C:\Windows\bxexc.dat
Removed File! : C:\Windows\cnssm.dll
Removed File! : C:\Windows\dhntn.dll
Removed File! : C:\Windows\ftghl.dll
Removed File! : C:\Windows\gnhaw.dll
Removed File! : C:\Windows\nitkb.dat
Removed File! : C:\Windows\nvtpv.dat
Removed File! : C:\Windows\qpccx.dll
Removed File! : C:\Windows\rdyeq.dat
Removed File! : C:\Windows\rsyit.dll
Removed File! : C:\Windows\snqmh.dat
Removed File! : C:\Windows\ujyql.dll
Removed File! : C:\Windows\vplkf.dat
Removed File! : C:\Windows\yjmyu.dat
Removed File! : C:\Windows\zjecn.dat
Removed File! : C:\Windows\System32\btmvj.dll
Removed File! : C:\Windows\System32\cxuya.dll
Removed File! : C:\Windows\System32\jqasg.dat
Removed File! : C:\Windows\System32\kpnkg.dll
Removed File! : C:\Windows\System32\ojihg.dll
Removed File! : C:\Windows\System32\oxkho.dll
Removed File! : C:\Windows\System32\qpyvp.dll
Removed File! : C:\Windows\System32\rtzto.dat
Removed File! : C:\Windows\System32\tmsji.dll
Removed File! : C:\Windows\System32\vdeyc.dll
Removed File! : C:\Windows\System32\wjdgr.dat
Removed File! : C:\Windows\System32\ztauq.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:18:20 AM

AboutBuster 5.0 reference file 31
Scan started on [8/27/2005] at [6:20:38 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\jhztx.txt:qndrs
Removed Stream! C:\WINDOWS\ODBC.INI:puwfe
Removed Stream! C:\WINDOWS\orun32.ini:nmbim
Removed Stream! C:\WINDOWS\Q327979.log:zinmd
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:21:55 AM

-----------------------------------------------------------------------------------------------
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-----------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:25:30 AM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\appew.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\intell32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nmrbp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {F831BBBD-4EFD-0AD2-5B57-0067ABE2F1DD} - C:\WINDOWS\system32\mfcao.dll
O2 - BHO: Class - {FEF22621-9874-CE5F-4F45-E119822E35B8} - C:\WINDOWS\javaxi32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [winct.exe] C:\WINDOWS\system32\winct.exe
O4 - HKLM\..\Run: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\Run: [d3np32.exe] C:\WINDOWS\system32\d3np32.exe
O4 - HKLM\..\Run: [sdktu.exe] C:\WINDOWS\sdktu.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appew.exe] C:\WINDOWS\appew.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [crib32.exe] C:\WINDOWS\crib32.exe
O4 - HKLM\..\RunOnce: [sysho.exe] C:\WINDOWS\sysho.exe
O4 - HKLM\..\RunOnce: [cran32.exe] C:\WINDOWS\cran32.exe
O4 - HKLM\..\RunOnce: [javamb.exe] C:\WINDOWS\system32\javamb.exe
O4 - HKLM\..\RunOnce: [apifr32.exe] C:\WINDOWS\apifr32.exe
O4 - HKLM\..\RunOnce: [addre32.exe] C:\WINDOWS\system32\addre32.exe
O4 - HKLM\..\RunOnce: [ietx32.exe] C:\WINDOWS\system32\ietx32.exe
O4 - HKLM\..\RunOnce: [creb32.exe] C:\WINDOWS\creb32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [sysrb.exe] C:\WINDOWS\system32\sysrb.exe
O4 - HKLM\..\RunOnce: [sysps.exe] C:\WINDOWS\sysps.exe
O4 - HKLM\..\RunOnce: [mfcyf.exe] C:\WINDOWS\mfcyf.exe
O4 - HKLM\..\RunOnce: [iexm32.exe] C:\WINDOWS\iexm32.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...5e012/enter.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netqd32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#14
Rawe

Posted 30 August 2005 - 07:17 AM

Visiting Staff

Member
4,746 posts

Hi again!

REALLY sorry for the wait. I have been busy lately.. :tazz:

Let's get to the fix.

Now do this;

Click Start => Run => and type in;

services.msc

Click "OK".

In the services window find service; Workstation NetLogon Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on "delete an NT service"
Copy and paste this in: 11Fßä#·ºÄÖ`I
It is IMPORTANT that there is a space in front of the FIRST number 1 or it WON'T work!
Click "ok", then reboot

After the reboot, locate the following file and delete if present:

C:\WINDOWS\system32\netqd32.exe

Empty recycle bin. Then post a fresh HiJackThis log.

#15
burge1779

Posted 30 August 2005 - 03:32 PM

Member

Topic Starter
Member
22 posts

I could not find the service you listed. I thought maybe I messed something up over the weekend. I went back to your last post and reran about buster. Here is my new logs. also, some of my favorites keep on getting removed.

Logfile of HijackThis v1.99.1
Scan saved at 4:27:16 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mswm.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\intell32.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szeja.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szeja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\szeja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szeja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szeja.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\szeja.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {146AFEBB-7120-BBED-61F3-F22CEAF0E120} - C:\WINDOWS\system32\crsw.dll
O2 - BHO: Class - {2367A009-1232-7647-791F-5FFB4D27E32C} - C:\WINDOWS\winpd32.dll
O2 - BHO: Class - {2B073C66-A72B-1166-86D6-0AD290B7868D} - C:\WINDOWS\system32\winnt32.dll
O2 - BHO: Class - {34F83EC0-9B84-1B2D-05F2-1DCBC9F8EACC} - C:\WINDOWS\crux.dll
O2 - BHO: Class - {833E964D-0405-6D34-83F1-6CF3B8219653} - C:\WINDOWS\system32\netjb.dll
O2 - BHO: Class - {8C5CCFEB-D80B-9087-AE97-C7343DA6EFDD} - C:\WINDOWS\system32\crwh32.dll
O2 - BHO: Class - {F18B8F19-2940-0876-54D4-FBE52283D28C} - C:\WINDOWS\system32\atlqo32.dll
O2 - BHO: Class - {FBF04123-7B6C-5A17-E393-11BC902B1B9B} - C:\WINDOWS\apihz.dll
O2 - BHO: Class - {FCB51F0E-2C0D-0B31-D324-1F2349F7433A} - C:\WINDOWS\addre32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [winct.exe] C:\WINDOWS\system32\winct.exe
O4 - HKLM\..\Run: [mfcpv.exe] C:\WINDOWS\mfcpv.exe
O4 - HKLM\..\Run: [d3np32.exe] C:\WINDOWS\system32\d3np32.exe
O4 - HKLM\..\Run: [sdktu.exe] C:\WINDOWS\sdktu.exe
O4 - HKLM\..\Run: [appew.exe] C:\WINDOWS\appew.exe
O4 - HKLM\..\Run: [iehb32.exe] C:\WINDOWS\system32\iehb32.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appns.exe] C:\WINDOWS\appns.exe
O4 - HKLM\..\Run: [mswm.exe] C:\WINDOWS\system32\mswm.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [crib32.exe] C:\WINDOWS\crib32.exe
O4 - HKLM\..\RunOnce: [atlpv.exe] C:\WINDOWS\system32\atlpv.exe
O4 - HKLM\..\RunOnce: [addvp.exe] C:\WINDOWS\addvp.exe
O4 - HKLM\..\RunOnce: [sysfo.exe] C:\WINDOWS\system32\sysfo.exe
O4 - HKLM\..\RunOnce: [sdklq.exe] C:\WINDOWS\sdklq.exe
O4 - HKLM\..\RunOnce: [atljs32.exe] C:\WINDOWS\atljs32.exe
O4 - HKLM\..\RunOnce: [mspu.exe] C:\WINDOWS\mspu.exe
O4 - HKLM\..\RunOnce: [netow.exe] C:\WINDOWS\system32\netow.exe
O4 - HKLM\..\RunOnce: [wintq32.exe] C:\WINDOWS\system32\wintq32.exe
O4 - HKLM\..\RunOnce: [ipxi32.exe] C:\WINDOWS\system32\ipxi32.exe
O4 - HKLM\..\RunOnce: [ipcg32.exe] C:\WINDOWS\system32\ipcg32.exe
O4 - HKLM\..\RunOnce: [msrw.exe] C:\WINDOWS\msrw.exe
O4 - HKLM\..\RunOnce: [ntxq32.exe] C:\WINDOWS\system32\ntxq32.exe
O4 - HKLM\..\RunOnce: [msgr32.exe] C:\WINDOWS\system32\msgr32.exe
O4 - HKLM\..\RunOnce: [ipml32.exe] C:\WINDOWS\ipml32.exe
O4 - HKLM\..\RunOnce: [winmt.exe] C:\WINDOWS\system32\winmt.exe
O4 - HKLM\..\RunOnce: [javazn32.exe] C:\WINDOWS\system32\javazn32.exe
O4 - HKLM\..\RunOnce: [wintb.exe] C:\WINDOWS\system32\wintb.exe
O4 - HKLM\..\RunOnce: [appul32.exe] C:\WINDOWS\appul32.exe
O4 - HKLM\..\RunOnce: [msao32.exe] C:\WINDOWS\msao32.exe
O4 - HKLM\..\RunOnce: [atlrp32.exe] C:\WINDOWS\atlrp32.exe
O4 - HKLM\..\RunOnce: [winpx32.exe] C:\WINDOWS\winpx32.exe
O4 - HKLM\..\RunOnce: [apppd.exe] C:\WINDOWS\system32\apppd.exe
O4 - HKLM\..\RunOnce: [msux32.exe] C:\WINDOWS\msux32.exe
O4 - HKLM\..\RunOnce: [ipzb32.exe] C:\WINDOWS\ipzb32.exe
O4 - HKLM\..\RunOnce: [appev.exe] C:\WINDOWS\system32\appev.exe
O4 - HKLM\..\RunOnce: [appgh32.exe] C:\WINDOWS\system32\appgh32.exe
O4 - HKLM\..\RunOnce: [iecn32.exe] C:\WINDOWS\iecn32.exe
O4 - HKLM\..\RunOnce: [d3kh.exe] C:\WINDOWS\d3kh.exe
O4 - HKLM\..\RunOnce: [apimp32.exe] C:\WINDOWS\system32\apimp32.exe
O4 - HKLM\..\RunOnce: [atlsc32.exe] C:\WINDOWS\system32\atlsc32.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\system32\iexw.exe
O4 - HKLM\..\RunOnce: [mfcxz.exe] C:\WINDOWS\system32\mfcxz.exe
O4 - HKLM\..\RunOnce: [sysdt32.exe] C:\WINDOWS\system32\sysdt32.exe
O4 - HKLM\..\RunOnce: [ierq32.exe] C:\WINDOWS\system32\ierq32.exe
O4 - HKLM\..\RunOnce: [ntws.exe] C:\WINDOWS\system32\ntws.exe
O4 - HKLM\..\RunOnce: [d3zz32.exe] C:\WINDOWS\system32\d3zz32.exe
O4 - HKLM\..\RunOnce: [javauf32.exe] C:\WINDOWS\system32\javauf32.exe
O4 - HKLM\..\RunOnce: [addyu.exe] C:\WINDOWS\system32\addyu.exe
O4 - HKLM\..\RunOnce: [ieek32.exe] C:\WINDOWS\ieek32.exe
O4 - HKLM\..\RunOnce: [apimn32.exe] C:\WINDOWS\system32\apimn32.exe
O4 - HKLM\..\RunOnce: [ielm.exe] C:\WINDOWS\system32\ielm.exe
O4 - HKLM\..\RunOnce: [ntyj.exe] C:\WINDOWS\system32\ntyj.exe
O4 - HKLM\..\RunOnce: [appdf.exe] C:\WINDOWS\appdf.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABS4EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...5e012/enter.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netqd32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-----------------------------------------------------------------------------------------------
____________________________________________________________________

-----------------------------------------------------------------------------------------------
AboutBuster 5.0 reference file 28
Scan started on [8/30/2005] at [4:16:22 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\lzsyz.log:dafbzj
Removed Stream! C:\WINDOWS\mddvu.log:wtyoul
------------------------------------------------
Removed File! : C:\Windows\cypiy.dll
Removed File! : C:\Windows\ieeje.dll
Removed File! : C:\Windows\ikpcu.dll
Removed File! : C:\Windows\ilulh.dll
Removed File! : C:\Windows\oypgw.dll
Removed File! : C:\Windows\plvrz.dll
Removed File! : C:\Windows\uwzvu.dll
Removed File! : C:\Windows\wjgcf.dll
Removed File! : C:\Windows\System32\bttgh.dat
Removed File! : C:\Windows\System32\gxucq.dll
Removed File! : C:\Windows\System32\iaruu.dll
Removed File! : C:\Windows\System32\igzhs.dll
Removed File! : C:\Windows\System32\mztcn.dll
Removed File! : C:\Windows\System32\rmsze.dll
Removed File! : C:\Windows\System32\xffpi.dat
Removed File! : C:\Windows\System32\zcqdo.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:17:38 PM

AboutBuster 5.0 reference file 28
Scan started on [8/30/2005] at [4:19:45 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:20:58 PM