Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Xp Home Sp2 Freezing Intermittently


  • Please log in to reply
25 replies to this topic

#1 BigVoice

BigVoice

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 07 August 2007 - 03:05 PM

My PC is 'freezing' 5-6 times a day and the only way to clear it is to switch off and back on again at the mains.

I'm running Windows XP Home SP2. I've checked the event logs and there is nothing obvious. I have seen a number of winmds processes running in Taskmgr, and have read other posts relating to winmds, but not sure they are relevant to my issue. Generally, the fault occurs when I have multiple IE windows open. This is my Hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 21:03:23, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\ComputerFix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I would really appreciate it if anyone could offer any advice.

BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 08 August 2007 - 06:41 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum BigVoice :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 08 August 2007 - 02:18 PM

Hello Richie we have followed your instruction but my computer is still freezing intermittently!


SDFix: Version 1.96

Run by Owner on 08/08/2007 at 14:00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\Owner\LOCALS~1\Temp\abc123.pid - Deleted
C:\WINDOWS\system32\lsasss.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe:*:Enabled:UK Provider"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe:*:Enabled:UK Provider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Owner\My Documents\~WRL1594.tmp
C:\Documents and Settings\Owner\My Documents\~WRL3403.tmp

Finished

SDFix: Version 1.96

Run by Owner on 08/08/2007 at 14:00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\Owner\LOCALS~1\Temp\abc123.pid - Deleted
C:\WINDOWS\system32\lsasss.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe:*:Enabled:UK Provider"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe:*:Enabled:UK Provider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Owner\My Documents\~WRL1594.tmp
C:\Documents and Settings\Owner\My Documents\~WRL3403.tmp

Finished

SDFix: Version 1.96

Run by Owner on 08/08/2007 at 14:00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\Owner\LOCALS~1\Temp\abc123.pid - Deleted
C:\WINDOWS\system32\lsasss.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1180811662[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1180910403[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\W5IZKLYN\\drf1181033579[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1181120700[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181209693[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1181308246[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1181412747[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181502440[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GX6NO5MV\\drf1181611306[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1181719685[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ECL9Z3BN\\drf1181848604[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1181941634[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1182035709[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YTCHML2L\\drf1182139330[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182245605[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\TPS2O35V\\drf1182347356[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1182459534[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1182561649[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1182666294[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\XWB63Z5B\\drf1182765097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1182891273[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183006180[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1183115301[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\B60ZNDC1\\drf1183219013[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\GRYRAZ0P\\drf1183306233[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U1Q3U1GD\\drf1183404959[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WTMNCPQR\\drf1183545784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1183654664[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\YB8T2J0D\\drf1183822753[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U9Q1AZG1\\drf1183915712[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OL2VGRAD\\drf1184005166[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\7O1X34G8\\drf1184095514[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\Q9HUB25S\\drf1184188037[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184291733[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\8Z432Z4V\\drf1184380274[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\6H2761KV\\drf1184483795[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184612887[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VHFUMJ5\\drf1184716144[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\1JVBXHSE\\drf1184863721[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\291YNE54\\drf1185057687[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\0TYZGTIN\\drf1185183879[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OPN6KP1B\\drf1185423428[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\OH8VGNK1\\drf1185827092[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\N1FYFYU5\\drf1185944097[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\WXI7G9YB\\drf1186051830[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\IVSPET6Z\\drf1186166742[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\HSHCBRLC\\drf1186256151[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\VQH6P7KI\\drf1186364465[1].htm.exe:*:Enabled:UK Provider"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\R4EL1ZXJ\\drf1186467784[1].htm.exe:*:Enabled:UK Provider"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\67ERSZCP\\drf1186571941[1].htm.exe:*:Enabled:UK Provider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Owner\My Documents\~WRL1594.tmp
C:\Documents and Settings\Owner\My Documents\~WRL3403.tmp

Finished

#4 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 08 August 2007 - 02:44 PM

Hello Richie I am not sure how much info has been posted but here is the Hijack data! :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 20:39:04, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\internet explorer\iexplore.exe
C:\ComputerFix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Thanks for all your help! :flowers:

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 09 August 2007 - 03:57 AM

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log.
Posted Image
Posted Image

#6 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 09 August 2007 - 08:51 AM

Good Afternoon Richie, I have followed your instruction about CombFix and am sending the Logfile-Notepad.

ComboFix 07-08-07.5 - "Owner" 2007-08-09 12:49:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.204 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-08 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 13:59 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-07 20:27 <DIR> d-------- C:\ComputerFix
2007-08-07 16:10 <DIR> d-------- C:\New Folder (2)
2007-08-07 16:09 <DIR> d-------- C:\New Folder
2007-08-04 05:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-04 05:14 <DIR> d-------- C:\Program Files\YouSendIt
2007-07-26 05:24 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-18 15:13 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-07-18 15:13 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-07-18 15:13 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-18 15:13 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-07-18 15:13 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-07-18 15:13 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-07-18 15:13 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-07-18 15:13 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-07-18 15:13 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-07-15 19:39 15,950 --a------ C:\WINDOWS\system32\winmds.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 12:31 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-07 04:11 --------- d-------- C:\Program Files\MSN Messenger
2007-08-04 05:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-28 13:00 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Help
2007-06-28 12:58 --------- d-------- C:\Program Files\LexmarkX84-X85
2007-06-22 03:45 --------- d-------- C:\Program Files\QuickTime
2007-05-16 16:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-04-11 23:51]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-04-11 23:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-04-11 23:51]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-04-11 23:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 23:51]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-11 23:51]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 13:36]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 09:36]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2007-04-11 23:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-11 23:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 SiS300i;SiS300i;C:\WINDOWS\system32\DRIVERS\sis300ip.sys
R3 SiS7018;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\ac97sis.sys
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys


Contents of the 'Scheduled Tasks' folder
2007-08-06 00:10:52 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:36 C:\WINDOWS\Tasks\At10.job
2007-08-08 02:39:22 C:\WINDOWS\Tasks\At100.job
2007-08-08 15:50:50 C:\WINDOWS\Tasks\At1000.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:31 C:\WINDOWS\Tasks\At1001.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:32:41 C:\WINDOWS\Tasks\At1002.job
2007-08-08 17:31:11 C:\WINDOWS\Tasks\At1003.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:27 C:\WINDOWS\Tasks\At1004.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:17 C:\WINDOWS\Tasks\At1005.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:42 C:\WINDOWS\Tasks\At1006.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:31 C:\WINDOWS\Tasks\At1007.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:36 C:\WINDOWS\Tasks\At1008.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1009.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:31:57 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1010.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:01 C:\WINDOWS\Tasks\At1011.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:24 C:\WINDOWS\Tasks\At1012.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:31:58 C:\WINDOWS\Tasks\At1013.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:14 C:\WINDOWS\Tasks\At1014.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1015.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1016.job
2007-08-08 09:15:51 C:\WINDOWS\Tasks\At1017.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1018.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1019.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:16 C:\WINDOWS\Tasks\At102.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:37 C:\WINDOWS\Tasks\At1020.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:11 C:\WINDOWS\Tasks\At1021.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:27 C:\WINDOWS\Tasks\At1022.job
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1023.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:50:56 C:\WINDOWS\Tasks\At1024.job
2007-08-07 15:33:42 C:\WINDOWS\Tasks\At1025.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:32:50 C:\WINDOWS\Tasks\At1026.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:23 C:\WINDOWS\Tasks\At1027.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:38 C:\WINDOWS\Tasks\At1028.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:28 C:\WINDOWS\Tasks\At1029.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:25:38 C:\WINDOWS\Tasks\At103.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:55 C:\WINDOWS\Tasks\At1030.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:49 C:\WINDOWS\Tasks\At1031.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:53 C:\WINDOWS\Tasks\At1032.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1033.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1034.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:13 C:\WINDOWS\Tasks\At1035.job
2007-08-08 02:39:36 C:\WINDOWS\Tasks\At1036.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:12 C:\WINDOWS\Tasks\At1037.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:24 C:\WINDOWS\Tasks\At1038.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1039.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:26 C:\WINDOWS\Tasks\At104.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1040.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:06 C:\WINDOWS\Tasks\At1041.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1042.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1043.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1044.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1045.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:37 C:\WINDOWS\Tasks\At1046.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1047.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:07 C:\WINDOWS\Tasks\At1048.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:48 C:\WINDOWS\Tasks\At1049.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:06 C:\WINDOWS\Tasks\At105.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:32:57 C:\WINDOWS\Tasks\At1050.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At1051.job
2007-08-08 18:36:39 C:\WINDOWS\Tasks\At1052.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:28 C:\WINDOWS\Tasks\At1053.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:56 C:\WINDOWS\Tasks\At1054.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At1055.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:53 C:\WINDOWS\Tasks\At1056.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:42 C:\WINDOWS\Tasks\At1057.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:42 C:\WINDOWS\Tasks\At1058.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:14 C:\WINDOWS\Tasks\At1059.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:36 C:\WINDOWS\Tasks\At106.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:37 C:\WINDOWS\Tasks\At1060.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:13 C:\WINDOWS\Tasks\At1061.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1062.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1063.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1064.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At1065.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1066.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1067.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1068.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1069.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:46 C:\WINDOWS\Tasks\At107.job
2007-08-08 12:32:39 C:\WINDOWS\Tasks\At1070.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:45 C:\WINDOWS\Tasks\At1071.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At1072.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 20:43:46 C:\WINDOWS\Tasks\At1073.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:32:59 C:\WINDOWS\Tasks\At1074.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At1075.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:39 C:\WINDOWS\Tasks\At1076.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At1077.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:56 C:\WINDOWS\Tasks\At1078.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At1079.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At108.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At1080.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1081.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1082.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1083.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1084.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:14 C:\WINDOWS\Tasks\At1085.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1086.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1087.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1088.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At1089.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At109.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1090.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1091.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1092.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1093.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:40 C:\WINDOWS\Tasks\At1094.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1095.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At1096.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1097.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:32:59 C:\WINDOWS\Tasks\At1098.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At1099.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:46 C:\WINDOWS\Tasks\At11.job
2007-08-08 12:32:41 C:\WINDOWS\Tasks\At110.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:39 C:\WINDOWS\Tasks\At1100.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At1101.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:56 C:\WINDOWS\Tasks\At1102.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:48 C:\WINDOWS\Tasks\At1103.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At1104.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1105.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1106.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1107.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1108.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:14 C:\WINDOWS\Tasks\At1109.job
2007-08-05 13:39:02 C:\WINDOWS\Tasks\At111.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1110.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1111.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1112.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1113.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1114.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1115.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1116.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1117.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:41 C:\WINDOWS\Tasks\At1118.job
2007-08-08 09:22:25 C:\WINDOWS\Tasks\At1119.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At112.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At1120.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:25 C:\WINDOWS\Tasks\At1121.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:00 C:\WINDOWS\Tasks\At1122.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At1123.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:40 C:\WINDOWS\Tasks\At1124.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At1125.job
2007-08-08 21:08:56 C:\WINDOWS\Tasks\At1126.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:25 C:\WINDOWS\Tasks\At1127.job
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At1128.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1129.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:48 C:\WINDOWS\Tasks\At113.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1130.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1131.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1132.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:15 C:\WINDOWS\Tasks\At1133.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1134.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1135.job
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1136.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1137.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1138.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1139.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:00 C:\WINDOWS\Tasks\At114.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1140.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1141.job
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1142.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1143.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1144.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1145.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:00 C:\WINDOWS\Tasks\At1146.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At1147.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:42 C:\WINDOWS\Tasks\At1148.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At1149.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At115.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At1150.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1151.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At1152.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1153.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1154.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1155.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1156.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At1157.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1158.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1159.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:42 C:\WINDOWS\Tasks\At116.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1160.job
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1161.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1162.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1163.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1164.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1165.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1166.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1167.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1168.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1169.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At117.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1170.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1171.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1172.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1173.job
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1174.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1175.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1176.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1177.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1178.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1179.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At118.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1180.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1181.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1182.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1183.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1184.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1185.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1186.job
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1187.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1188.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1189.job
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At119.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1190.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1191.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1192.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1193.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1194.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1195.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1196.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1197.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1198.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1199.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At120.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1200.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:52 C:\WINDOWS\Tasks\At121.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:09 C:\WINDOWS\Tasks\At122.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At123.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:39 C:\WINDOWS\Tasks\At124.job
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At125.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At126.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:25:39 C:\WINDOWS\Tasks\At127.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:37 C:\WINDOWS\Tasks\At128.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At129.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:37 C:\WINDOWS\Tasks\At130.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:47 C:\WINDOWS\Tasks\At131.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At132.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At133.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:41 C:\WINDOWS\Tasks\At134.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:04 C:\WINDOWS\Tasks\At135.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At136.job
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At137.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:01 C:\WINDOWS\Tasks\At138.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At139.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:41 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:42 C:\WINDOWS\Tasks\At140.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At141.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At142.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At143.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At144.job
2007-08-06 00:10:53 C:\WINDOWS\Tasks\At145.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 10:29:54 C:\WINDOWS\Tasks\At146.job
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At147.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:39 C:\WINDOWS\Tasks\At148.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At149.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:04 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At150.job
2007-08-05 08:25:40 C:\WINDOWS\Tasks\At151.job
2007-08-04 06:40:37 C:\WINDOWS\Tasks\At152.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At153.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:38 C:\WINDOWS\Tasks\At154.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:48 C:\WINDOWS\Tasks\At155.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At156.job
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At157.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:42 C:\WINDOWS\Tasks\At158.job
2007-08-05 13:39:04 C:\WINDOWS\Tasks\At159.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At16.job
2007-08-08 15:51:08 C:\WINDOWS\Tasks\At160.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At161.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:02 C:\WINDOWS\Tasks\At162.job
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At163.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:42 C:\WINDOWS\Tasks\At164.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At165.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At166.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At167.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At168.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:55 C:\WINDOWS\Tasks\At169.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 18:24:28 C:\WINDOWS\Tasks\At170.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At171.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At172.job
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At173.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At174.job
2007-08-05 08:25:42 C:\WINDOWS\Tasks\At175.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At176.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At177.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:40 C:\WINDOWS\Tasks\At178.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:49 C:\WINDOWS\Tasks\At179.job
2007-08-08 16:33:03 C:\WINDOWS\Tasks\At18.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At180.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At181.job
2007-08-08 12:32:42 C:\WINDOWS\Tasks\At182.job
2007-08-05 13:39:06 C:\WINDOWS\Tasks\At183.job
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At184.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At185.job
2007-08-08 16:33:03 C:\WINDOWS\Tasks\At186.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:25 C:\WINDOWS\Tasks\At187.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:42 C:\WINDOWS\Tasks\At188.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:29 C:\WINDOWS\Tasks\At189.job
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At19.job
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At190.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At191.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:54 C:\WINDOWS\Tasks\At192.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:56 C:\WINDOWS\Tasks\At193.job - C:\WINDOWS\system32\winmds.exe
2007-07-19 04:25:55 C:\WINDOWS\Tasks\At194.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At195.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At196.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At197.job
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At198.job
2007-08-05 08:25:44 C:\WINDOWS\Tasks\At199.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:11 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At200.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At201.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:42 C:\WINDOWS\Tasks\At202.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:51 C:\WINDOWS\Tasks\At203.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At204.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At205.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:42 C:\WINDOWS\Tasks\At206.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:08 C:\WINDOWS\Tasks\At207.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At208.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At209.job
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:03 C:\WINDOWS\Tasks\At210.job
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At211.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At212.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At213.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At214.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At215.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At216.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:58 C:\WINDOWS\Tasks\At217.job
2007-07-19 14:56:51 C:\WINDOWS\Tasks\At218.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At219.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At220.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At221.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At222.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:25:44 C:\WINDOWS\Tasks\At223.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At224.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:07 C:\WINDOWS\Tasks\At225.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:42 C:\WINDOWS\Tasks\At226.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:52 C:\WINDOWS\Tasks\At227.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At228.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At229.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:42 C:\WINDOWS\Tasks\At230.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:08 C:\WINDOWS\Tasks\At231.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At232.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At233.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At234.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At235.job
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At236.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At237.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At238.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At239.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At240.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:58 C:\WINDOWS\Tasks\At241.job
2007-07-19 21:27:14 C:\WINDOWS\Tasks\At242.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At243.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At244.job
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At245.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At246.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:25:45 C:\WINDOWS\Tasks\At247.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At248.job
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At249.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:10:59 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:43 C:\WINDOWS\Tasks\At250.job
2007-08-06 13:23:52 C:\WINDOWS\Tasks\At251.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At252.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At253.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:42 C:\WINDOWS\Tasks\At254.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:09 C:\WINDOWS\Tasks\At255.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At256.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At257.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At258.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At259.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:11 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At260.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At261.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:57 C:\WINDOWS\Tasks\At262.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At263.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At264.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:02 C:\WINDOWS\Tasks\At265.job - C:\WINDOWS\system32\winmds.exe
2007-07-20 04:43:13 C:\WINDOWS\Tasks\At266.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At267.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At268.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At269.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At270.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:25:53 C:\WINDOWS\Tasks\At271.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At272.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At273.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:35:52 C:\WINDOWS\Tasks\At274.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:06 C:\WINDOWS\Tasks\At275.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At276.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At277.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At278.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:17 C:\WINDOWS\Tasks\At279.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At280.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:49 C:\WINDOWS\Tasks\At281.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At282.job
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At283.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At284.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At285.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At286.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At287.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At288.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:08 C:\WINDOWS\Tasks\At289.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe
2007-07-20 12:56:50 C:\WINDOWS\Tasks\At290.job
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At291.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At292.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At293.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At294.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:12 C:\WINDOWS\Tasks\At295.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At296.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At297.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:02 C:\WINDOWS\Tasks\At298.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:07 C:\WINDOWS\Tasks\At299.job
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At300.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At301.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At302.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:28 C:\WINDOWS\Tasks\At303.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At304.job
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At305.job
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At306.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At307.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At308.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At309.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:12 C:\WINDOWS\Tasks\At31.job
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At310.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At311.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At312.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:21 C:\WINDOWS\Tasks\At313.job - C:\WINDOWS\system32\winmds.exe
2007-07-21 03:25:30 C:\WINDOWS\Tasks\At314.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At315.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At316.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At317.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At318.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:12 C:\WINDOWS\Tasks\At319.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At32.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At320.job
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At321.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:03 C:\WINDOWS\Tasks\At322.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At323.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At324.job
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At325.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At326.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:35 C:\WINDOWS\Tasks\At327.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At328.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At329.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At330.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At331.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At332.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At333.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At334.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At335.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At336.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At337.job - C:\WINDOWS\system32\winmds.exe
2007-07-21 11:24:37 C:\WINDOWS\Tasks\At338.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At339.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:04 C:\WINDOWS\Tasks\At34.job
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At340.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At341.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At342.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:12 C:\WINDOWS\Tasks\At343.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At344.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At345.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:05 C:\WINDOWS\Tasks\At346.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At347.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At348.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At349.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At35.job
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At350.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:41 C:\WINDOWS\Tasks\At351.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:09 C:\WINDOWS\Tasks\At352.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At353.job
2007-08-08 16:33:05 C:\WINDOWS\Tasks\At354.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:26 C:\WINDOWS\Tasks\At355.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:43 C:\WINDOWS\Tasks\At356.job
2007-08-08 19:35:30 C:\WINDOWS\Tasks\At357.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At358.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At359.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At360.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At361.job - C:\WINDOWS\system32\winmds.exe
2007-07-21 18:42:44 C:\WINDOWS\Tasks\At362.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At363.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At364.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At365.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At366.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:12 C:\WINDOWS\Tasks\At367.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At368.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At369.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:06 C:\WINDOWS\Tasks\At370.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At371.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At372.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At373.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At374.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:45 C:\WINDOWS\Tasks\At375.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At376.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At377.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At378.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At379.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:43 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:44 C:\WINDOWS\Tasks\At380.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At381.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At382.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At383.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:55 C:\WINDOWS\Tasks\At384.job
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At385.job
2007-07-22 03:31:19 C:\WINDOWS\Tasks\At386.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At387.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At388.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At389.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:45 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At390.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:14 C:\WINDOWS\Tasks\At391.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At392.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At393.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:07 C:\WINDOWS\Tasks\At394.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At395.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At396.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At397.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At398.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:46 C:\WINDOWS\Tasks\At399.job
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At400.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At401.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At402.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At403.job
2007-08-08 18:36:44 C:\WINDOWS\Tasks\At404.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At405.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At406.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At407.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At408.job
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At409.job
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At41.job
2007-07-22 13:44:50 C:\WINDOWS\Tasks\At410.job
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At411.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At412.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At413.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At414.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:15 C:\WINDOWS\Tasks\At415.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At416.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:08 C:\WINDOWS\Tasks\At417.job
2007-08-06 08:36:11 C:\WINDOWS\Tasks\At418.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At419.job
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At420.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At421.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At422.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:47 C:\WINDOWS\Tasks\At423.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At424.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:50 C:\WINDOWS\Tasks\At425.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At426.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At427.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:44 C:\WINDOWS\Tasks\At428.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At429.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:58 C:\WINDOWS\Tasks\At430.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At431.job
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At432.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At433.job - C:\WINDOWS\system32\winmds.exe
2007-07-22 22:21:40 C:\WINDOWS\Tasks\At434.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At435.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At436.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At437.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At438.job
2007-08-05 08:26:16 C:\WINDOWS\Tasks\At439.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:44 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At440.job
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At441.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:12 C:\WINDOWS\Tasks\At442.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At443.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At444.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At445.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At446.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:48 C:\WINDOWS\Tasks\At447.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At448.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:51 C:\WINDOWS\Tasks\At449.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At450.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At451.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:45 C:\WINDOWS\Tasks\At452.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At453.job
2007-08-08 21:08:59 C:\WINDOWS\Tasks\At454.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At455.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At456.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At457.job
2007-07-23 06:21:20 C:\WINDOWS\Tasks\At458.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At459.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:08:59 C:\WINDOWS\Tasks\At46.job
2007-08-08 02:39:43 C:\WINDOWS\Tasks\At460.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At461.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At462.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:17 C:\WINDOWS\Tasks\At463.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At464.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At465.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:12 C:\WINDOWS\Tasks\At466.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At467.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At468.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At469.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At47.job
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At470.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:49 C:\WINDOWS\Tasks\At471.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At472.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:51 C:\WINDOWS\Tasks\At473.job
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At474.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At475.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:45 C:\WINDOWS\Tasks\At476.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At477.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:01 C:\WINDOWS\Tasks\At478.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At479.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At480.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At481.job - C:\WINDOWS\system32\winmds.exe
2007-07-25 17:12:13 C:\WINDOWS\Tasks\At482.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At483.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:43 C:\WINDOWS\Tasks\At484.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At485.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At486.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:18 C:\WINDOWS\Tasks\At487.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At488.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At489.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:22 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:12 C:\WINDOWS\Tasks\At490.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:11 C:\WINDOWS\Tasks\At491.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At492.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At493.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At494.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:50 C:\WINDOWS\Tasks\At495.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At496.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:51 C:\WINDOWS\Tasks\At497.job
2007-08-08 16:33:06 C:\WINDOWS\Tasks\At498.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At499.job
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:12 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:48 C:\WINDOWS\Tasks\At500.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At501.job
2007-08-08 21:09:03 C:\WINDOWS\Tasks\At502.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At503.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At504.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At505.job - C:\WINDOWS\system32\winmds.exe
2007-07-26 02:09:31 C:\WINDOWS\Tasks\At506.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At507.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:44 C:\WINDOWS\Tasks\At508.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At509.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:33 C:\WINDOWS\Tasks\At510.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:22 C:\WINDOWS\Tasks\At511.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At512.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At513.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:12 C:\WINDOWS\Tasks\At514.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:12 C:\WINDOWS\Tasks\At515.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At516.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At517.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:44 C:\WINDOWS\Tasks\At518.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:50 C:\WINDOWS\Tasks\At519.job
2007-08-08 02:39:44 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:10 C:\WINDOWS\Tasks\At520.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:51 C:\WINDOWS\Tasks\At521.job
2007-08-08 16:33:07 C:\WINDOWS\Tasks\At522.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At523.job
2007-08-08 18:36:52 C:\WINDOWS\Tasks\At524.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At525.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:04 C:\WINDOWS\Tasks\At526.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At527.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At528.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At529.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\winmds.exe
2007-07-26 09:19:13 C:\WINDOWS\Tasks\At530.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At531.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:44 C:\WINDOWS\Tasks\At532.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At533.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:34 C:\WINDOWS\Tasks\At534.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:22 C:\WINDOWS\Tasks\At535.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At536.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At537.job
2007-08-06 08:36:12 C:\WINDOWS\Tasks\At538.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At539.job
2007-08-09 04:33:34 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At540.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At541.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At542.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:50 C:\WINDOWS\Tasks\At543.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:11 C:\WINDOWS\Tasks\At544.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:51 C:\WINDOWS\Tasks\At545.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:07 C:\WINDOWS\Tasks\At546.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:27 C:\WINDOWS\Tasks\At547.job
2007-08-08 18:36:55 C:\WINDOWS\Tasks\At548.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:31 C:\WINDOWS\Tasks\At549.job
2007-08-05 08:26:22 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:05 C:\WINDOWS\Tasks\At550.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At551.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At552.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At553.job - C:\WINDOWS\system32\winmds.exe
2007-07-26 15:21:43 C:\WINDOWS\Tasks\At554.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At555.job
2007-08-08 02:39:45 C:\WINDOWS\Tasks\At556.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At557.job
2007-08-09 04:33:35 C:\WINDOWS\Tasks\At558.job
2007-08-05 08:26:22 C:\WINDOWS\Tasks\At559.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At560.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At561.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At562.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At563.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At564.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At565.job
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At566.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:51 C:\WINDOWS\Tasks\At567.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:11 C:\WINDOWS\Tasks\At568.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At569.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:07 C:\WINDOWS\Tasks\At570.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:28 C:\WINDOWS\Tasks\At571.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:56 C:\WINDOWS\Tasks\At572.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At573.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:06 C:\WINDOWS\Tasks\At574.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At575.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:56 C:\WINDOWS\Tasks\At576.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At577.job - C:\WINDOWS\system32\winmds.exe
2007-07-27 02:29:40 C:\WINDOWS\Tasks\At578.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At579.job
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At580.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At581.job
2007-08-09 04:33:36 C:\WINDOWS\Tasks\At582.job
2007-08-05 08:26:22 C:\WINDOWS\Tasks\At583.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At584.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At585.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At586.job
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At587.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At588.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At589.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At59.job
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At590.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:51 C:\WINDOWS\Tasks\At591.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:11 C:\WINDOWS\Tasks\At592.job
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At593.job
2007-08-08 16:33:07 C:\WINDOWS\Tasks\At594.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:29 C:\WINDOWS\Tasks\At595.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:56 C:\WINDOWS\Tasks\At596.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At597.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:07 C:\WINDOWS\Tasks\At598.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At599.job
2007-08-09 04:33:36 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At600.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At601.job - C:\WINDOWS\system32\winmds.exe
2007-07-31 03:13:15 C:\WINDOWS\Tasks\At602.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At603.job
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At604.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At605.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:36 C:\WINDOWS\Tasks\At606.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At607.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At608.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:09 C:\WINDOWS\Tasks\At609.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At610.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At611.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At612.job
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At613.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At614.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:52 C:\WINDOWS\Tasks\At615.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At616.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At617.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:07 C:\WINDOWS\Tasks\At618.job
2007-08-08 17:31:31 C:\WINDOWS\Tasks\At619.job
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:56 C:\WINDOWS\Tasks\At620.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At621.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:09 C:\WINDOWS\Tasks\At622.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At623.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At624.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At625.job
2007-07-31 10:17:04 C:\WINDOWS\Tasks\At626.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At627.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At628.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At629.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:53 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At630.job
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At631.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At632.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At633.job
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At634.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:18 C:\WINDOWS\Tasks\At635.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At636.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At637.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At638.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:54 C:\WINDOWS\Tasks\At639.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At640.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At641.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At642.job
2007-08-08 17:31:36 C:\WINDOWS\Tasks\At643.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:56 C:\WINDOWS\Tasks\At644.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At645.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:09 C:\WINDOWS\Tasks\At646.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At647.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At648.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:23 C:\WINDOWS\Tasks\At649.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At65.job - C:\WINDOWS\system32\winmds.exe
2007-08-01 03:24:55 C:\WINDOWS\Tasks\At650.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At651.job
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At652.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At653.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At654.job
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At655.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At656.job
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At657.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At658.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:19 C:\WINDOWS\Tasks\At659.job
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At660.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At661.job
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At662.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:54 C:\WINDOWS\Tasks\At663.job
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At664.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At665.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At666.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:37 C:\WINDOWS\Tasks\At667.job
2007-08-08 18:36:57 C:\WINDOWS\Tasks\At668.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At669.job
2007-08-08 17:31:37 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:09 C:\WINDOWS\Tasks\At670.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At671.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At672.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At673.job - C:\WINDOWS\system32\winmds.exe
2007-08-01 09:25:15 C:\WINDOWS\Tasks\At674.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At675.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At676.job
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At677.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At678.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At679.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:57 C:\WINDOWS\Tasks\At68.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At680.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At681.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At682.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:21 C:\WINDOWS\Tasks\At683.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At684.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At685.job
2007-08-08 12:32:45 C:\WINDOWS\Tasks\At686.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:54 C:\WINDOWS\Tasks\At687.job
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At688.job
2007-08-07 15:33:52 C:\WINDOWS\Tasks\At689.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At69.job
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At690.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:37 C:\WINDOWS\Tasks\At691.job
2007-08-08 18:36:58 C:\WINDOWS\Tasks\At692.job
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At693.job
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At694.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At695.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At696.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At697.job - C:\WINDOWS\system32\winmds.exe
2007-08-01 17:26:25 C:\WINDOWS\Tasks\At698.job
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At699.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At7.job
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At700.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At701.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At702.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:23 C:\WINDOWS\Tasks\At703.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At704.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At705.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:13 C:\WINDOWS\Tasks\At706.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:21 C:\WINDOWS\Tasks\At707.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At708.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At709.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At710.job
2007-08-05 13:39:57 C:\WINDOWS\Tasks\At711.job
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At712.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:53 C:\WINDOWS\Tasks\At713.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At714.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At715.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:59 C:\WINDOWS\Tasks\At716.job
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At717.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At718.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At719.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At720.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At721.job - C:\WINDOWS\system32\winmds.exe
2007-08-02 01:55:14 C:\WINDOWS\Tasks\At722.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At723.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At724.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At725.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At726.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At727.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At728.job
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At729.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At73.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:14 C:\WINDOWS\Tasks\At730.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At731.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At732.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At733.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At734.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:58 C:\WINDOWS\Tasks\At735.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At736.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:53 C:\WINDOWS\Tasks\At737.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At738.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At739.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:14 C:\WINDOWS\Tasks\At74.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:36:59 C:\WINDOWS\Tasks\At740.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:32 C:\WINDOWS\Tasks\At741.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At742.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At743.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:57 C:\WINDOWS\Tasks\At744.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At745.job - C:\WINDOWS\system32\winmds.exe
2007-08-02 09:23:15 C:\WINDOWS\Tasks\At746.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At747.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At748.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At749.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At75.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At750.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At751.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At752.job
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At753.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:14 C:\WINDOWS\Tasks\At754.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At755.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At756.job
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At757.job
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At758.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:58 C:\WINDOWS\Tasks\At759.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At76.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:12 C:\WINDOWS\Tasks\At760.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:53 C:\WINDOWS\Tasks\At761.job
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At762.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At763.job
2007-08-08 18:37:00 C:\WINDOWS\Tasks\At764.job
2007-08-08 19:35:33 C:\WINDOWS\Tasks\At765.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At766.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At767.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At768.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At769.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At77.job - C:\WINDOWS\system32\winmds.exe
2007-08-03 01:55:34 C:\WINDOWS\Tasks\At770.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At771.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At772.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At773.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At774.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At775.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At776.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:10 C:\WINDOWS\Tasks\At777.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:14 C:\WINDOWS\Tasks\At778.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At779.job
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At78.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At780.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At781.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At782.job
2007-08-05 13:39:58 C:\WINDOWS\Tasks\At783.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At784.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:53 C:\WINDOWS\Tasks\At785.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At786.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At787.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:00 C:\WINDOWS\Tasks\At788.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:33 C:\WINDOWS\Tasks\At789.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At79.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At790.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At791.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At792.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At793.job - C:\WINDOWS\system32\winmds.exe
2007-08-03 08:39:27 C:\WINDOWS\Tasks\At794.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At795.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At796.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At797.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:39 C:\WINDOWS\Tasks\At798.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At799.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At80.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At800.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At801.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:14 C:\WINDOWS\Tasks\At802.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:24 C:\WINDOWS\Tasks\At803.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At804.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:29 C:\WINDOWS\Tasks\At805.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At806.job
2007-08-05 13:39:58 C:\WINDOWS\Tasks\At807.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At808.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At809.job
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At81.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:08 C:\WINDOWS\Tasks\At810.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At811.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:00 C:\WINDOWS\Tasks\At812.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:33 C:\WINDOWS\Tasks\At813.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:10 C:\WINDOWS\Tasks\At814.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At815.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At816.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:24 C:\WINDOWS\Tasks\At817.job - C:\WINDOWS\system32\winmds.exe
2007-08-03 15:35:29 C:\WINDOWS\Tasks\At818.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At819.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At82.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At820.job
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At821.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:40 C:\WINDOWS\Tasks\At822.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At823.job
2007-08-04 06:40:45 C:\WINDOWS\Tasks\At824.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At825.job
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At826.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At827.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At828.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:30 C:\WINDOWS\Tasks\At829.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At83.job
2007-08-08 12:32:46 C:\WINDOWS\Tasks\At830.job
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At831.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At832.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At833.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At834.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:38 C:\WINDOWS\Tasks\At835.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:00 C:\WINDOWS\Tasks\At836.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At837.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At838.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At839.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At84.job
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At840.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At841.job - C:\WINDOWS\system32\winmds.exe
2007-08-03 21:52:25 C:\WINDOWS\Tasks\At842.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At843.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At844.job
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At845.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:40 C:\WINDOWS\Tasks\At846.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At847.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:45 C:\WINDOWS\Tasks\At848.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At849.job
2007-08-09 11:31:31 C:\WINDOWS\Tasks\At85.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At850.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At851.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At852.job
2007-08-09 11:31:31 C:\WINDOWS\Tasks\At853.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At854.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At855.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At856.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At857.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At858.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At859.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At86.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:00 C:\WINDOWS\Tasks\At860.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At861.job
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At862.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At863.job
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At864.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At865.job
2007-08-04 16:41:47 C:\WINDOWS\Tasks\At866.job
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At867.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At868.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At869.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At87.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:41 C:\WINDOWS\Tasks\At870.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At871.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 16:41:47 C:\WINDOWS\Tasks\At872.job
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At873.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At874.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At875.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At876.job
2007-08-09 11:31:33 C:\WINDOWS\Tasks\At877.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At878.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At879.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At88.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At880.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At881.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At882.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At883.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:01 C:\WINDOWS\Tasks\At884.job
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At885.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At886.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At887.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At888.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At889.job
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At89.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 22:47:46 C:\WINDOWS\Tasks\At890.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At891.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At892.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At893.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At894.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:26:24 C:\WINDOWS\Tasks\At895.job
2007-08-04 22:47:46 C:\WINDOWS\Tasks\At896.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At897.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At898.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At899.job
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At90.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At900.job
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At901.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At902.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At903.job
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At904.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:54 C:\WINDOWS\Tasks\At905.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At906.job
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At907.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:01 C:\WINDOWS\Tasks\At908.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At909.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At91.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At910.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At911.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:58 C:\WINDOWS\Tasks\At912.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At913.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:32:22 C:\WINDOWS\Tasks\At914.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At915.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At916.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At917.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At918.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:32:22 C:\WINDOWS\Tasks\At919.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:01 C:\WINDOWS\Tasks\At92.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 08:32:22 C:\WINDOWS\Tasks\At920.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At921.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At922.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At923.job
2007-08-09 10:35:51 C:\WINDOWS\Tasks\At924.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At925.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At926.job
2007-08-05 13:39:59 C:\WINDOWS\Tasks\At927.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:13 C:\WINDOWS\Tasks\At928.job
2007-08-07 15:33:55 C:\WINDOWS\Tasks\At929.job
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At93.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At930.job
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At931.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:02 C:\WINDOWS\Tasks\At932.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At933.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At934.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At935.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:59 C:\WINDOWS\Tasks\At936.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At937.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 15:47:02 C:\WINDOWS\Tasks\At938.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At939.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At94.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At940.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At941.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At942.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 15:47:02 C:\WINDOWS\Tasks\At943.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 15:47:02 C:\WINDOWS\Tasks\At944.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:11 C:\WINDOWS\Tasks\At945.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At946.job
2007-08-06 13:24:26 C:\WINDOWS\Tasks\At947.job
2007-08-09 10:35:51 C:\WINDOWS\Tasks\At948.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At949.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At95.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At950.job - C:\WINDOWS\system32\winmds.exe
2007-08-05 15:47:02 C:\WINDOWS\Tasks\At951.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:14 C:\WINDOWS\Tasks\At952.job
2007-08-07 15:33:55 C:\WINDOWS\Tasks\At953.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:09 C:\WINDOWS\Tasks\At954.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:39 C:\WINDOWS\Tasks\At955.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:04 C:\WINDOWS\Tasks\At956.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:34 C:\WINDOWS\Tasks\At957.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At958.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At959.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:59 C:\WINDOWS\Tasks\At96.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:59 C:\WINDOWS\Tasks\At960.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At961.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At962.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At963.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At964.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At965.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:45 C:\WINDOWS\Tasks\At966.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At967.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At968.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:12 C:\WINDOWS\Tasks\At969.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 00:11:25 C:\WINDOWS\Tasks\At97.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 08:36:15 C:\WINDOWS\Tasks\At970.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:24:26 C:\WINDOWS\Tasks\At971.job
2007-08-09 10:35:54 C:\WINDOWS\Tasks\At972.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At973.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At974.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At975.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:51:14 C:\WINDOWS\Tasks\At976.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 15:33:56 C:\WINDOWS\Tasks\At977.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 16:33:10 C:\WINDOWS\Tasks\At978.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 17:31:40 C:\WINDOWS\Tasks\At979.job - C:\WINDOWS\system32\winmds.exe
2007-07-18 02:24:14 C:\WINDOWS\Tasks\At98.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 18:37:04 C:\WINDOWS\Tasks\At980.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 19:35:37 C:\WINDOWS\Tasks\At981.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 21:09:11 C:\WINDOWS\Tasks\At982.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At983.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:52:59 C:\WINDOWS\Tasks\At984.job
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At985.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At986.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At987.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At988.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At989.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At99.job
2007-08-09 04:33:45 C:\WINDOWS\Tasks\At990.job
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At991.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At992.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:16:12 C:\WINDOWS\Tasks\At993.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At994.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At995.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:56 C:\WINDOWS\Tasks\At996.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:36 C:\WINDOWS\Tasks\At997.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 12:32:47 C:\WINDOWS\Tasks\At998.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At999.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 12:55:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-09 12:59:26
C:\ComboFix-quarantined-files.txt ... 2007-08-09 12:59
C:\ComboFix2.txt ... 2007-08-08 14:30

--- E O F ---

#7 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 09 August 2007 - 09:03 AM

Good Afternoon again Richie here is the Hijack report. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:26, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\ComputerFix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 09 August 2007 - 10:46 AM

Download KillBox,unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:
C:\WINDOWS\system32\winmds.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.

-------------------------------------------------------

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the imformation into the registry,then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

-------------------------------------------------------

Download SmitfraudFix (by S!Ri),to your desktop.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the Smitfraudfix report,and a new Hijack This log into your next reply.
Posted Image
Posted Image

#9 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 09 August 2007 - 11:55 PM

Gooday Richie, We followed your instructions to the letter about Smitfraudfix.cmd last evening and at last my computer is showing signs of a marked improvement in performance as I was on for over an hour last night with no freezing, so thank you kindly. :thumbsup:

Here is the c;\rapport.txt report that you requestedSmitFraudFix v2.210

Scan done at 20:21:47.48, 09/08/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\Tasks\At?.job Deleted
C:\WINDOWS\Tasks\At??.job Deleted

DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

Download KillBox,unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:
C:\WINDOWS\system32\winmds.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.

-------------------------------------------------------

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the imformation into the registry,then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

-------------------------------------------------------

Download SmitfraudFix (by S!Ri),to your desktop.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the Smitfraudfix report,and a new Hijack This log into your next reply.



#10 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 10 August 2007 - 12:00 AM

Hello again Richie, I am still a bit slow on the uptake with following your advice but I believe that this is the Hijack report that you requested. :flowers:

Have a Jolly Good Weekend and thanks again for your help. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:26, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\ComputerFix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#11 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 10 August 2007 - 03:26 AM

Sorry Richie, I sent the old Hijack Notepad before, so here is the latest data, so far my computer has frozen just once in the past 12 hours, thank you kindly. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 09:20:23, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winmds.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.202\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 10 August 2007 - 04:07 AM

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Double click on Combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Also post a new Hijackthis log.
Posted Image
Posted Image

#13 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 10 August 2007 - 04:57 PM

Good Evening Richie, I have attempted to run the Kaspersku Online Scanner, three times but it was taking over forty minutes to complete and my computer froze before completion! :thumbsup:

I have run a Combofix Scan now and attach the report: ComboFix 07-08-07.5 - "Owner" 2007-08-10 22:37:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.179 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 12:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-10 12:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-10 05:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-10 05:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-10 05:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-10 02:30 15,950 --a------ C:\WINDOWS\system32\winmds.exe
2007-08-09 20:21 2,530 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-09 19:37 <DIR> d-------- C:\!KillBox
2007-08-09 17:45 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-09 17:45 94,720 --a------ C:\WINDOWS\system32\umaxud32.dll
2007-08-09 17:45 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-09 17:45 50,688 --a------ C:\WINDOWS\system32\umaxscan.dll
2007-08-09 17:45 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-09 17:45 50,176 --a------ C:\WINDOWS\system32\umaxp60.dll
2007-08-09 17:45 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-09 17:45 22,912 --a------ C:\WINDOWS\system32\drivers\umaxpcls.sys
2007-08-08 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 13:59 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-07 20:27 <DIR> d-------- C:\ComputerFix
2007-08-07 16:10 <DIR> d-------- C:\New Folder (2)
2007-08-07 16:09 <DIR> d-------- C:\New Folder
2007-08-04 05:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-04 05:14 <DIR> d-------- C:\Program Files\YouSendIt
2007-07-26 05:24 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-18 15:13 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-07-18 15:13 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-07-18 15:13 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-18 15:13 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-07-18 15:13 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-07-18 15:13 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-07-18 15:13 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-07-18 15:13 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-07-18 15:13 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 22:35 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-07 04:11 --------- d-------- C:\Program Files\MSN Messenger
2007-08-04 05:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-28 13:00 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Help
2007-06-28 12:58 --------- d-------- C:\Program Files\LexmarkX84-X85
2007-06-22 03:45 --------- d-------- C:\Program Files\QuickTime
2007-05-16 16:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-04-11 23:51]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-04-11 23:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-04-11 23:51]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-04-11 23:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 23:51]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-11 23:51]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 13:36]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 09:36]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2007-04-11 23:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-11 23:51]

R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 SiS300i;SiS300i;C:\WINDOWS\system32\DRIVERS\sis300ip.sys
R3 SiS7018;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\ac97sis.sys
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys


Contents of the 'Scheduled Tasks' folder
2007-08-08 02:39:22 C:\WINDOWS\Tasks\At100.job
2007-08-09 14:31:56 C:\WINDOWS\Tasks\At1000.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:19 C:\WINDOWS\Tasks\At1001.job
2007-08-10 17:32:32 C:\WINDOWS\Tasks\At1002.job
2007-08-09 17:29:30 C:\WINDOWS\Tasks\At1003.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:22 C:\WINDOWS\Tasks\At1004.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1005.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:02 C:\WINDOWS\Tasks\At1006.job
2007-08-08 00:26:31 C:\WINDOWS\Tasks\At1007.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1008.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1009.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:31:57 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1010.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:01 C:\WINDOWS\Tasks\At1011.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:24 C:\WINDOWS\Tasks\At1012.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:31:58 C:\WINDOWS\Tasks\At1013.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:14 C:\WINDOWS\Tasks\At1014.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:28 C:\WINDOWS\Tasks\At1015.job
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1016.job
2007-08-10 07:34:05 C:\WINDOWS\Tasks\At1017.job
2007-08-10 11:14:34 C:\WINDOWS\Tasks\At1018.job
2007-08-07 01:34:02 C:\WINDOWS\Tasks\At1019.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:16 C:\WINDOWS\Tasks\At102.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:37 C:\WINDOWS\Tasks\At1020.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:11 C:\WINDOWS\Tasks\At1021.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:36:37 C:\WINDOWS\Tasks\At1022.job
2007-08-10 14:13:33 C:\WINDOWS\Tasks\At1023.job
2007-08-09 14:31:56 C:\WINDOWS\Tasks\At1024.job
2007-08-10 15:45:20 C:\WINDOWS\Tasks\At1025.job
2007-08-10 17:32:33 C:\WINDOWS\Tasks\At1026.job
2007-08-09 17:29:31 C:\WINDOWS\Tasks\At1027.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:24 C:\WINDOWS\Tasks\At1028.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1029.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At103.job
2007-08-10 21:35:03 C:\WINDOWS\Tasks\At1030.job
2007-08-08 00:26:49 C:\WINDOWS\Tasks\At1031.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1032.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1033.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1034.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:13 C:\WINDOWS\Tasks\At1035.job
2007-08-08 02:39:36 C:\WINDOWS\Tasks\At1036.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:12 C:\WINDOWS\Tasks\At1037.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:24 C:\WINDOWS\Tasks\At1038.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1039.job
2007-08-04 06:40:26 C:\WINDOWS\Tasks\At104.job - C:\WINDOWS\system32\winmds.exe
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1040.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:15 C:\WINDOWS\Tasks\At1041.job
2007-08-10 11:14:46 C:\WINDOWS\Tasks\At1042.job
2007-08-07 13:39:01 C:\WINDOWS\Tasks\At1043.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1044.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1045.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:36:38 C:\WINDOWS\Tasks\At1046.job
2007-08-10 14:13:36 C:\WINDOWS\Tasks\At1047.job
2007-08-09 14:31:58 C:\WINDOWS\Tasks\At1048.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:22 C:\WINDOWS\Tasks\At1049.job
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At105.job
2007-08-10 17:32:35 C:\WINDOWS\Tasks\At1050.job
2007-08-09 17:29:32 C:\WINDOWS\Tasks\At1051.job
2007-08-10 19:32:25 C:\WINDOWS\Tasks\At1052.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1053.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:05 C:\WINDOWS\Tasks\At1054.job
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At1055.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1056.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1057.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1058.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:14 C:\WINDOWS\Tasks\At1059.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 11:14:46 C:\WINDOWS\Tasks\At106.job
2007-08-08 02:39:37 C:\WINDOWS\Tasks\At1060.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:13 C:\WINDOWS\Tasks\At1061.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1062.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1063.job
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1064.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1065.job
2007-08-10 11:14:46 C:\WINDOWS\Tasks\At1066.job
2007-08-07 20:43:43 C:\WINDOWS\Tasks\At1067.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1068.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1069.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:46 C:\WINDOWS\Tasks\At107.job
2007-08-10 12:36:42 C:\WINDOWS\Tasks\At1070.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1071.job
2007-08-09 14:31:58 C:\WINDOWS\Tasks\At1072.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:25 C:\WINDOWS\Tasks\At1073.job
2007-08-10 17:32:39 C:\WINDOWS\Tasks\At1074.job
2007-08-09 17:29:33 C:\WINDOWS\Tasks\At1075.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:27 C:\WINDOWS\Tasks\At1076.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1077.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:10 C:\WINDOWS\Tasks\At1078.job
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At1079.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At108.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1080.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1081.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1082.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1083.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1084.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:14 C:\WINDOWS\Tasks\At1085.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1086.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1087.job
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1088.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1089.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At109.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 11:14:47 C:\WINDOWS\Tasks\At1090.job
2007-08-08 02:43:47 C:\WINDOWS\Tasks\At1091.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1092.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1093.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:36:48 C:\WINDOWS\Tasks\At1094.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1095.job
2007-08-09 14:32:01 C:\WINDOWS\Tasks\At1096.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:32 C:\WINDOWS\Tasks\At1097.job
2007-08-10 17:32:44 C:\WINDOWS\Tasks\At1098.job
2007-08-09 17:29:35 C:\WINDOWS\Tasks\At1099.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:36:51 C:\WINDOWS\Tasks\At110.job
2007-08-10 19:32:29 C:\WINDOWS\Tasks\At1100.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1101.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:16 C:\WINDOWS\Tasks\At1102.job
2007-08-08 02:43:48 C:\WINDOWS\Tasks\At1103.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1104.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1105.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1106.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1107.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1108.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:14 C:\WINDOWS\Tasks\At1109.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At111.job
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1110.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1111.job
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1112.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1113.job
2007-08-10 11:14:47 C:\WINDOWS\Tasks\At1114.job
2007-08-08 09:22:24 C:\WINDOWS\Tasks\At1115.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1116.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1117.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:36:52 C:\WINDOWS\Tasks\At1118.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1119.job
2007-08-09 14:32:02 C:\WINDOWS\Tasks\At112.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 14:32:02 C:\WINDOWS\Tasks\At1120.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:35 C:\WINDOWS\Tasks\At1121.job
2007-08-10 17:32:47 C:\WINDOWS\Tasks\At1122.job
2007-08-09 17:29:36 C:\WINDOWS\Tasks\At1123.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:29 C:\WINDOWS\Tasks\At1124.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1125.job
2007-08-10 21:35:18 C:\WINDOWS\Tasks\At1126.job
2007-08-08 09:22:25 C:\WINDOWS\Tasks\At1127.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1128.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1129.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:35 C:\WINDOWS\Tasks\At113.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1130.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1131.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 15:57:33 C:\WINDOWS\Tasks\At1132.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:15 C:\WINDOWS\Tasks\At1133.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1134.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1135.job
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1136.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1137.job
2007-08-10 11:14:47 C:\WINDOWS\Tasks\At1138.job
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1139.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At114.job
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1140.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1141.job
2007-08-10 12:36:54 C:\WINDOWS\Tasks\At1142.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1143.job
2007-08-09 14:32:02 C:\WINDOWS\Tasks\At1144.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:36 C:\WINDOWS\Tasks\At1145.job
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1146.job
2007-08-09 17:29:37 C:\WINDOWS\Tasks\At1147.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:30 C:\WINDOWS\Tasks\At1148.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1149.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 17:29:37 C:\WINDOWS\Tasks\At115.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:19 C:\WINDOWS\Tasks\At1150.job
2007-08-08 15:57:34 C:\WINDOWS\Tasks\At1151.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1152.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1153.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1154.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1155.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1156.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At1157.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:25 C:\WINDOWS\Tasks\At1158.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:41 C:\WINDOWS\Tasks\At1159.job
2007-08-10 19:32:30 C:\WINDOWS\Tasks\At116.job
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1160.job
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1161.job
2007-08-10 11:14:47 C:\WINDOWS\Tasks\At1162.job
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1163.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1164.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1165.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:19 C:\WINDOWS\Tasks\At1166.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1167.job
2007-08-09 14:32:07 C:\WINDOWS\Tasks\At1168.job
2007-08-10 15:45:37 C:\WINDOWS\Tasks\At1169.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At117.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1170.job
2007-08-09 17:29:42 C:\WINDOWS\Tasks\At1171.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:41 C:\WINDOWS\Tasks\At1172.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1173.job
2007-08-10 21:35:21 C:\WINDOWS\Tasks\At1174.job
2007-08-09 02:59:13 C:\WINDOWS\Tasks\At1175.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1176.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1177.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1178.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1179.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:21 C:\WINDOWS\Tasks\At118.job
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1180.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1181.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1182.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:42 C:\WINDOWS\Tasks\At1183.job
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1184.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1185.job
2007-08-10 11:14:47 C:\WINDOWS\Tasks\At1186.job
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1187.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:46 C:\WINDOWS\Tasks\At1188.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At1189.job
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At119.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:19 C:\WINDOWS\Tasks\At1190.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1191.job
2007-08-09 14:32:11 C:\WINDOWS\Tasks\At1192.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:39 C:\WINDOWS\Tasks\At1193.job
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1194.job
2007-08-09 17:29:54 C:\WINDOWS\Tasks\At1195.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At1196.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1197.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:27 C:\WINDOWS\Tasks\At1198.job
2007-08-09 09:51:54 C:\WINDOWS\Tasks\At1199.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At120.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1200.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At1201.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At1202.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 16:34:25 C:\WINDOWS\Tasks\At1203.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 16:34:25 C:\WINDOWS\Tasks\At1204.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 16:34:25 C:\WINDOWS\Tasks\At1205.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 16:34:25 C:\WINDOWS\Tasks\At1206.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:42 C:\WINDOWS\Tasks\At1207.job
2007-08-09 16:34:25 C:\WINDOWS\Tasks\At1208.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1209.job
2007-08-09 23:00:00 C:\WINDOWS\Tasks\At121.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 11:14:48 C:\WINDOWS\Tasks\At1210.job
2007-08-09 16:34:26 C:\WINDOWS\Tasks\At1211.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 16:34:26 C:\WINDOWS\Tasks\At1212.job
2007-08-09 16:34:26 C:\WINDOWS\Tasks\At1213.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:19 C:\WINDOWS\Tasks\At1214.job
2007-08-10 14:13:57 C:\WINDOWS\Tasks\At1215.job
2007-08-09 16:34:26 C:\WINDOWS\Tasks\At1216.job
2007-08-10 15:45:46 C:\WINDOWS\Tasks\At1217.job
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1218.job
2007-08-09 17:29:56 C:\WINDOWS\Tasks\At1219.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At122.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At1220.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At1221.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:30 C:\WINDOWS\Tasks\At1222.job
2007-08-09 16:34:26 C:\WINDOWS\Tasks\At1223.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At1224.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:38 C:\WINDOWS\Tasks\At1225.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1226.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1227.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1228.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1229.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At123.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1230.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:42 C:\WINDOWS\Tasks\At1231.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1232.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:16 C:\WINDOWS\Tasks\At1233.job
2007-08-10 11:14:48 C:\WINDOWS\Tasks\At1234.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1235.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1236.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1237.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:22 C:\WINDOWS\Tasks\At1238.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At1239.job
2007-08-08 02:39:39 C:\WINDOWS\Tasks\At124.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1240.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:48 C:\WINDOWS\Tasks\At1241.job
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1242.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1243.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At1244.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1245.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:30 C:\WINDOWS\Tasks\At1246.job
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1247.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 01:30:39 C:\WINDOWS\Tasks\At1248.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:42 C:\WINDOWS\Tasks\At1249.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At125.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:42 C:\WINDOWS\Tasks\At1250.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:42 C:\WINDOWS\Tasks\At1251.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1252.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1253.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1254.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1255.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1256.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1257.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 11:14:48 C:\WINDOWS\Tasks\At1258.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1259.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At126.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1260.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1261.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:24 C:\WINDOWS\Tasks\At1262.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At1263.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1264.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:48 C:\WINDOWS\Tasks\At1265.job
2007-08-10 17:32:48 C:\WINDOWS\Tasks\At1266.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1267.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At1268.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1269.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At127.job
2007-08-10 21:35:32 C:\WINDOWS\Tasks\At1270.job
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1271.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:38:48 C:\WINDOWS\Tasks\At1272.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1273.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1274.job
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1275.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1276.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1277.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1278.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1279.job - C:\WINDOWS\system32\winmds.exe
2007-08-04 06:40:37 C:\WINDOWS\Tasks\At128.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1280.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1281.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1282.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1283.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1284.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1285.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1286.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1287.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1288.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:49 C:\WINDOWS\Tasks\At1289.job
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At129.job
2007-08-10 17:32:49 C:\WINDOWS\Tasks\At1290.job
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1291.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At1292.job
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1293.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:32 C:\WINDOWS\Tasks\At1294.job
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1295.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 14:20:13 C:\WINDOWS\Tasks\At1296.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:41:53 C:\WINDOWS\Tasks\At1297.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:41:53 C:\WINDOWS\Tasks\At1298.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:41:54 C:\WINDOWS\Tasks\At1299.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At130.job
2007-08-10 21:41:54 C:\WINDOWS\Tasks\At1300.job
2007-08-10 21:41:55 C:\WINDOWS\Tasks\At1301.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:41:55 C:\WINDOWS\Tasks\At1302.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:17 C:\WINDOWS\Tasks\At1303.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:17 C:\WINDOWS\Tasks\At1304.job
2007-08-10 21:42:18 C:\WINDOWS\Tasks\At1305.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:19 C:\WINDOWS\Tasks\At1306.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:20 C:\WINDOWS\Tasks\At1307.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:21 C:\WINDOWS\Tasks\At1308.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:22 C:\WINDOWS\Tasks\At1309.job - C:\WINDOWS\system32\winmds.exe
2007-08-06 13:23:47 C:\WINDOWS\Tasks\At131.job
2007-08-10 21:42:22 C:\WINDOWS\Tasks\At1310.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:22 C:\WINDOWS\Tasks\At1311.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:23 C:\WINDOWS\Tasks\At1312.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:23 C:\WINDOWS\Tasks\At1313.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:24 C:\WINDOWS\Tasks\At1314.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:25 C:\WINDOWS\Tasks\At1315.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:25 C:\WINDOWS\Tasks\At1316.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:26 C:\WINDOWS\Tasks\At1317.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:26 C:\WINDOWS\Tasks\At1318.job
2007-08-10 21:42:26 C:\WINDOWS\Tasks\At1319.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At132.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:42:26 C:\WINDOWS\Tasks\At1320.job
2007-08-09 11:31:19 C:\WINDOWS\Tasks\At133.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:26 C:\WINDOWS\Tasks\At134.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At135.job
2007-08-09 14:32:12 C:\WINDOWS\Tasks\At136.job
2007-08-10 15:45:49 C:\WINDOWS\Tasks\At137.job
2007-08-10 17:33:15 C:\WINDOWS\Tasks\At138.job
2007-08-09 17:29:57 C:\WINDOWS\Tasks\At139.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At140.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At141.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:33 C:\WINDOWS\Tasks\At142.job
2007-08-08 00:26:50 C:\WINDOWS\Tasks\At143.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At144.job
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At145.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At146.job
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At147.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:39 C:\WINDOWS\Tasks\At148.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At149.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At150.job
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At151.job
2007-08-04 06:40:37 C:\WINDOWS\Tasks\At152.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At153.job
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At154.job
2007-08-06 13:23:48 C:\WINDOWS\Tasks\At155.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At156.job
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At157.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:28 C:\WINDOWS\Tasks\At158.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At159.job
2007-08-09 14:32:12 C:\WINDOWS\Tasks\At160.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:51 C:\WINDOWS\Tasks\At161.job
2007-08-10 17:33:26 C:\WINDOWS\Tasks\At162.job
2007-08-09 17:29:58 C:\WINDOWS\Tasks\At163.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At164.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At165.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:35 C:\WINDOWS\Tasks\At166.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At167.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At168.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At169.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At170.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At171.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At172.job
2007-08-09 03:32:16 C:\WINDOWS\Tasks\At173.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:26 C:\WINDOWS\Tasks\At174.job
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At175.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At176.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At177.job
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At178.job
2007-08-06 13:23:49 C:\WINDOWS\Tasks\At179.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At180.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At181.job
2007-08-10 12:37:28 C:\WINDOWS\Tasks\At182.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At183.job
2007-08-09 14:32:12 C:\WINDOWS\Tasks\At184.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:53 C:\WINDOWS\Tasks\At185.job
2007-08-10 17:33:26 C:\WINDOWS\Tasks\At186.job
2007-08-09 17:29:59 C:\WINDOWS\Tasks\At187.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At188.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At189.job
2007-08-10 21:35:36 C:\WINDOWS\Tasks\At190.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At191.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At192.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At193.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At194.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:16 C:\WINDOWS\Tasks\At195.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At196.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At197.job
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At198.job
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At199.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At200.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At201.job
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At202.job
2007-08-06 13:23:51 C:\WINDOWS\Tasks\At203.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At204.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At205.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:29 C:\WINDOWS\Tasks\At206.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At207.job
2007-08-09 14:32:12 C:\WINDOWS\Tasks\At208.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:53 C:\WINDOWS\Tasks\At209.job
2007-08-10 17:33:27 C:\WINDOWS\Tasks\At210.job
2007-08-09 17:30:00 C:\WINDOWS\Tasks\At211.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:42 C:\WINDOWS\Tasks\At212.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At213.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:36 C:\WINDOWS\Tasks\At214.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At215.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At216.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At217.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At218.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At219.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At220.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At221.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At222.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At223.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At224.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At225.job
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At226.job
2007-08-06 13:23:52 C:\WINDOWS\Tasks\At227.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At228.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:20 C:\WINDOWS\Tasks\At229.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:29 C:\WINDOWS\Tasks\At230.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At231.job
2007-08-09 14:32:13 C:\WINDOWS\Tasks\At232.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At233.job
2007-08-10 17:33:27 C:\WINDOWS\Tasks\At234.job
2007-08-09 17:30:00 C:\WINDOWS\Tasks\At235.job
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At236.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At237.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:36 C:\WINDOWS\Tasks\At238.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At239.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At240.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At241.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At242.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At243.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:40 C:\WINDOWS\Tasks\At244.job
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At245.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At246.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At247.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At248.job
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At249.job
2007-08-10 11:14:49 C:\WINDOWS\Tasks\At250.job
2007-08-06 13:23:52 C:\WINDOWS\Tasks\At251.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At252.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At253.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:29 C:\WINDOWS\Tasks\At254.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At255.job
2007-08-09 14:32:16 C:\WINDOWS\Tasks\At256.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At257.job
2007-08-10 17:33:27 C:\WINDOWS\Tasks\At258.job
2007-08-09 17:30:01 C:\WINDOWS\Tasks\At259.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At260.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At261.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:36 C:\WINDOWS\Tasks\At262.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At263.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At264.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At265.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At266.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At267.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At268.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:17 C:\WINDOWS\Tasks\At269.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At270.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:43 C:\WINDOWS\Tasks\At271.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At272.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At273.job
2007-08-10 11:14:50 C:\WINDOWS\Tasks\At274.job
2007-08-06 13:24:06 C:\WINDOWS\Tasks\At275.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At276.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At277.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:29 C:\WINDOWS\Tasks\At278.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At279.job
2007-08-09 14:32:22 C:\WINDOWS\Tasks\At280.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At281.job
2007-08-10 17:33:27 C:\WINDOWS\Tasks\At282.job
2007-08-09 17:30:02 C:\WINDOWS\Tasks\At283.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At284.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At285.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:36 C:\WINDOWS\Tasks\At286.job
2007-08-08 00:26:51 C:\WINDOWS\Tasks\At287.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At288.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At289.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At290.job
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At291.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At292.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At293.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At294.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:44 C:\WINDOWS\Tasks\At295.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At296.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:17 C:\WINDOWS\Tasks\At297.job
2007-08-10 11:14:50 C:\WINDOWS\Tasks\At298.job
2007-08-06 13:24:07 C:\WINDOWS\Tasks\At299.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At300.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At301.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:30 C:\WINDOWS\Tasks\At302.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At303.job
2007-08-09 14:32:24 C:\WINDOWS\Tasks\At304.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At305.job
2007-08-10 17:33:28 C:\WINDOWS\Tasks\At306.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At307.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At308.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At309.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At310.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At311.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At312.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At313.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At314.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At315.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At316.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At317.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At318.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:44 C:\WINDOWS\Tasks\At319.job
2007-08-04 06:40:38 C:\WINDOWS\Tasks\At320.job
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At321.job
2007-08-10 11:14:50 C:\WINDOWS\Tasks\At322.job
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At323.job
2007-08-09 10:35:47 C:\WINDOWS\Tasks\At324.job
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At325.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:30 C:\WINDOWS\Tasks\At326.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At327.job
2007-08-09 14:32:25 C:\WINDOWS\Tasks\At328.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At329.job
2007-08-10 17:33:28 C:\WINDOWS\Tasks\At330.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At331.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At332.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At333.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At334.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At335.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At336.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At337.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At338.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:17 C:\WINDOWS\Tasks\At339.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At340.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At341.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:27 C:\WINDOWS\Tasks\At342.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:44 C:\WINDOWS\Tasks\At343.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At344.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At345.job
2007-08-10 11:14:50 C:\WINDOWS\Tasks\At346.job
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At347.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At348.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At349.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:31 C:\WINDOWS\Tasks\At350.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At351.job
2007-08-09 14:32:26 C:\WINDOWS\Tasks\At352.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At353.job
2007-08-10 17:33:28 C:\WINDOWS\Tasks\At354.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At355.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At356.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At357.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At358.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At359.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At360.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At361.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At362.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At363.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:41 C:\WINDOWS\Tasks\At364.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At365.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At366.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:44 C:\WINDOWS\Tasks\At367.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At368.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At369.job
2007-08-10 11:14:50 C:\WINDOWS\Tasks\At370.job
2007-08-06 13:24:09 C:\WINDOWS\Tasks\At371.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At372.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:21 C:\WINDOWS\Tasks\At373.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:31 C:\WINDOWS\Tasks\At374.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At375.job
2007-08-09 14:32:27 C:\WINDOWS\Tasks\At376.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At377.job
2007-08-10 17:33:28 C:\WINDOWS\Tasks\At378.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At379.job
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At380.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At381.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At382.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At383.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At384.job
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At385.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At386.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At387.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At388.job
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At389.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At390.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:44 C:\WINDOWS\Tasks\At391.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At392.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At393.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At394.job
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At395.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At396.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At397.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:31 C:\WINDOWS\Tasks\At398.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At399.job
2007-08-09 14:32:28 C:\WINDOWS\Tasks\At400.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:54 C:\WINDOWS\Tasks\At401.job
2007-08-10 17:33:29 C:\WINDOWS\Tasks\At402.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At403.job
2007-08-10 19:32:43 C:\WINDOWS\Tasks\At404.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At405.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At406.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At407.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At408.job
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At409.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At410.job
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At411.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At412.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:18 C:\WINDOWS\Tasks\At413.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At414.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At415.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At416.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At417.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At418.job
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At419.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At420.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At421.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:31 C:\WINDOWS\Tasks\At422.job
2007-08-10 14:13:58 C:\WINDOWS\Tasks\At423.job
2007-08-09 14:32:28 C:\WINDOWS\Tasks\At424.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At425.job
2007-08-10 17:33:29 C:\WINDOWS\Tasks\At426.job
2007-08-09 17:30:03 C:\WINDOWS\Tasks\At427.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At428.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At429.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At430.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At431.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At432.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At433.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At434.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At435.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:42 C:\WINDOWS\Tasks\At436.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At437.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At438.job
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At439.job
2007-08-04 06:40:39 C:\WINDOWS\Tasks\At440.job
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At441.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At442.job
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At443.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At444.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At445.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:32 C:\WINDOWS\Tasks\At446.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At447.job
2007-08-09 14:32:28 C:\WINDOWS\Tasks\At448.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At449.job
2007-08-10 17:33:29 C:\WINDOWS\Tasks\At450.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At451.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At452.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At453.job
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At454.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At455.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At456.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At457.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At458.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At459.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:43 C:\WINDOWS\Tasks\At460.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At461.job
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At462.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At463.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At464.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At465.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At466.job
2007-08-06 13:24:10 C:\WINDOWS\Tasks\At467.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At468.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At469.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:32 C:\WINDOWS\Tasks\At470.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At471.job
2007-08-09 14:32:29 C:\WINDOWS\Tasks\At472.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At473.job
2007-08-10 17:33:29 C:\WINDOWS\Tasks\At474.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At475.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At476.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At477.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:37 C:\WINDOWS\Tasks\At478.job
2007-08-08 00:26:52 C:\WINDOWS\Tasks\At479.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At480.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At481.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At482.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:18 C:\WINDOWS\Tasks\At483.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:43 C:\WINDOWS\Tasks\At484.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At485.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:28 C:\WINDOWS\Tasks\At486.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At487.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At488.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:18 C:\WINDOWS\Tasks\At489.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At490.job
2007-08-06 13:24:11 C:\WINDOWS\Tasks\At491.job
2007-08-09 10:35:48 C:\WINDOWS\Tasks\At492.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At493.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:32 C:\WINDOWS\Tasks\At494.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At495.job
2007-08-09 14:32:31 C:\WINDOWS\Tasks\At496.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At497.job
2007-08-10 17:33:30 C:\WINDOWS\Tasks\At498.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At499.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At500.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At501.job
2007-08-10 21:35:38 C:\WINDOWS\Tasks\At502.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At503.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At504.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:01 C:\WINDOWS\Tasks\At505.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At506.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At507.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:44 C:\WINDOWS\Tasks\At508.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At509.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:33 C:\WINDOWS\Tasks\At510.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At511.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At512.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:19 C:\WINDOWS\Tasks\At513.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At514.job
2007-08-06 13:24:12 C:\WINDOWS\Tasks\At515.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At516.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At517.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:34 C:\WINDOWS\Tasks\At518.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At519.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At520.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At521.job
2007-08-10 17:33:30 C:\WINDOWS\Tasks\At522.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At523.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At524.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At525.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:38 C:\WINDOWS\Tasks\At526.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At527.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At528.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At529.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At530.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At531.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:44 C:\WINDOWS\Tasks\At532.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At533.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:34 C:\WINDOWS\Tasks\At534.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At535.job
2007-08-04 06:40:40 C:\WINDOWS\Tasks\At536.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:19 C:\WINDOWS\Tasks\At537.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At538.job
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At539.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At540.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At541.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:35 C:\WINDOWS\Tasks\At542.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At543.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At544.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At545.job
2007-08-10 17:33:30 C:\WINDOWS\Tasks\At546.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At547.job
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At548.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At549.job
2007-08-10 21:35:38 C:\WINDOWS\Tasks\At550.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At551.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At552.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At553.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At554.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At555.job
2007-08-08 02:39:45 C:\WINDOWS\Tasks\At556.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:19 C:\WINDOWS\Tasks\At557.job
2007-08-09 04:33:35 C:\WINDOWS\Tasks\At558.job
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At559.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At560.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:21 C:\WINDOWS\Tasks\At561.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At562.job
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At563.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At564.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:22 C:\WINDOWS\Tasks\At565.job
2007-08-10 12:37:35 C:\WINDOWS\Tasks\At566.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At567.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At568.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At569.job
2007-08-10 17:33:31 C:\WINDOWS\Tasks\At570.job
2007-08-09 17:30:04 C:\WINDOWS\Tasks\At571.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At572.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At573.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:38 C:\WINDOWS\Tasks\At574.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At575.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At576.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At577.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At578.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At579.job
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At580.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At581.job
2007-08-09 04:33:36 C:\WINDOWS\Tasks\At582.job
2007-08-10 06:08:45 C:\WINDOWS\Tasks\At583.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At584.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:25 C:\WINDOWS\Tasks\At585.job
2007-08-10 11:14:51 C:\WINDOWS\Tasks\At586.job
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At587.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At588.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At589.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:35 C:\WINDOWS\Tasks\At590.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At591.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At592.job
2007-08-10 15:45:55 C:\WINDOWS\Tasks\At593.job
2007-08-10 17:33:32 C:\WINDOWS\Tasks\At594.job
2007-08-09 17:30:05 C:\WINDOWS\Tasks\At595.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At596.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At597.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:38 C:\WINDOWS\Tasks\At598.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At599.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At600.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At601.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At602.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:19 C:\WINDOWS\Tasks\At603.job
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At604.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At605.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:36 C:\WINDOWS\Tasks\At606.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At607.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At608.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:28 C:\WINDOWS\Tasks\At609.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At610.job
2007-08-06 13:24:13 C:\WINDOWS\Tasks\At611.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At612.job
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At613.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:35 C:\WINDOWS\Tasks\At614.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At615.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At616.job
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At617.job
2007-08-10 17:33:32 C:\WINDOWS\Tasks\At618.job
2007-08-09 17:30:05 C:\WINDOWS\Tasks\At619.job
2007-08-10 19:32:44 C:\WINDOWS\Tasks\At620.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At621.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At622.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At623.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At624.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At625.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At626.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At627.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At628.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At629.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At630.job
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At631.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At632.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:30 C:\WINDOWS\Tasks\At633.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At634.job
2007-08-06 13:24:18 C:\WINDOWS\Tasks\At635.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At636.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At637.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:36 C:\WINDOWS\Tasks\At638.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At639.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At640.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At641.job
2007-08-10 17:33:32 C:\WINDOWS\Tasks\At642.job
2007-08-09 17:30:05 C:\WINDOWS\Tasks\At643.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At644.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At645.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At646.job
2007-08-08 00:26:53 C:\WINDOWS\Tasks\At647.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At648.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At649.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At650.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At651.job
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At652.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At653.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At654.job
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At655.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At656.job
2007-08-10 07:34:32 C:\WINDOWS\Tasks\At657.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At658.job
2007-08-06 13:24:19 C:\WINDOWS\Tasks\At659.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At660.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:24 C:\WINDOWS\Tasks\At661.job
2007-08-10 12:37:36 C:\WINDOWS\Tasks\At662.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At663.job
2007-08-09 14:32:33 C:\WINDOWS\Tasks\At664.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At665.job
2007-08-10 17:33:32 C:\WINDOWS\Tasks\At666.job
2007-08-09 17:30:05 C:\WINDOWS\Tasks\At667.job
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At668.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At669.job
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At670.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At671.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At672.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At673.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At674.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At675.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At676.job
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At677.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At678.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At679.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At680.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:32 C:\WINDOWS\Tasks\At681.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At682.job
2007-08-06 13:24:21 C:\WINDOWS\Tasks\At683.job
2007-08-09 10:35:49 C:\WINDOWS\Tasks\At684.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At685.job
2007-08-10 12:37:36 C:\WINDOWS\Tasks\At686.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At687.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At688.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At689.job
2007-08-10 17:33:33 C:\WINDOWS\Tasks\At690.job
2007-08-09 17:30:05 C:\WINDOWS\Tasks\At691.job
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At692.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At693.job
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At694.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At695.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At696.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At697.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At698.job
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At699.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:47 C:\WINDOWS\Tasks\At700.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:20 C:\WINDOWS\Tasks\At701.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:37 C:\WINDOWS\Tasks\At702.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At703.job
2007-08-04 06:40:41 C:\WINDOWS\Tasks\At704.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:33 C:\WINDOWS\Tasks\At705.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At706.job
2007-08-06 13:24:21 C:\WINDOWS\Tasks\At707.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At708.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At709.job
2007-08-10 12:37:38 C:\WINDOWS\Tasks\At710.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At711.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At712.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At713.job
2007-08-10 17:33:35 C:\WINDOWS\Tasks\At714.job
2007-08-09 17:30:06 C:\WINDOWS\Tasks\At715.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At716.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At717.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At718.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At719.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At720.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At721.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At722.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At723.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At724.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At725.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At726.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At727.job
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At728.job
2007-08-10 07:34:35 C:\WINDOWS\Tasks\At729.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At730.job
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At731.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At732.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At733.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:39 C:\WINDOWS\Tasks\At734.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At735.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At736.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At737.job
2007-08-10 17:33:35 C:\WINDOWS\Tasks\At738.job
2007-08-09 17:30:06 C:\WINDOWS\Tasks\At739.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At740.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At741.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At742.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At743.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At744.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At745.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At746.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:20 C:\WINDOWS\Tasks\At747.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At748.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At749.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At750.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At751.job
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At752.job
2007-08-10 07:34:36 C:\WINDOWS\Tasks\At753.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At754.job
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At755.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At756.job
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At757.job
2007-08-10 12:37:40 C:\WINDOWS\Tasks\At758.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At759.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At760.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:56 C:\WINDOWS\Tasks\At761.job
2007-08-10 17:33:35 C:\WINDOWS\Tasks\At762.job
2007-08-09 17:30:06 C:\WINDOWS\Tasks\At763.job
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At764.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At765.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At766.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At767.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At768.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At769.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At770.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At771.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At772.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At773.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:38 C:\WINDOWS\Tasks\At774.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:46 C:\WINDOWS\Tasks\At775.job
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At776.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:36 C:\WINDOWS\Tasks\At777.job
2007-08-10 11:14:52 C:\WINDOWS\Tasks\At778.job
2007-08-06 13:24:23 C:\WINDOWS\Tasks\At779.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At780.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:26 C:\WINDOWS\Tasks\At781.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:40 C:\WINDOWS\Tasks\At782.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At783.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At784.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At785.job
2007-08-10 17:33:36 C:\WINDOWS\Tasks\At786.job
2007-08-09 17:30:06 C:\WINDOWS\Tasks\At787.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At788.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At789.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:39 C:\WINDOWS\Tasks\At790.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At791.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At792.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At793.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At794.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At795.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At796.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:21 C:\WINDOWS\Tasks\At797.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:39 C:\WINDOWS\Tasks\At798.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At799.job
2007-08-04 06:40:43 C:\WINDOWS\Tasks\At800.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At801.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At802.job
2007-08-06 13:24:24 C:\WINDOWS\Tasks\At803.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At804.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:29 C:\WINDOWS\Tasks\At805.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:41 C:\WINDOWS\Tasks\At806.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At807.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At808.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At809.job
2007-08-10 17:33:36 C:\WINDOWS\Tasks\At810.job
2007-08-09 17:30:07 C:\WINDOWS\Tasks\At811.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:45 C:\WINDOWS\Tasks\At812.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At813.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At814.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At815.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At816.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At817.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At818.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At819.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At820.job
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At821.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:40 C:\WINDOWS\Tasks\At822.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At823.job
2007-08-04 06:40:45 C:\WINDOWS\Tasks\At824.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At825.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At826.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At827.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At828.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:30 C:\WINDOWS\Tasks\At829.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:41 C:\WINDOWS\Tasks\At830.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At831.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At832.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At833.job
2007-08-10 17:33:36 C:\WINDOWS\Tasks\At834.job
2007-08-09 17:30:11 C:\WINDOWS\Tasks\At835.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At836.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At837.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At838.job
2007-08-08 00:26:54 C:\WINDOWS\Tasks\At839.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At840.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At841.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At842.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At843.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:48 C:\WINDOWS\Tasks\At844.job
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At845.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:40 C:\WINDOWS\Tasks\At846.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At847.job
2007-08-04 06:40:45 C:\WINDOWS\Tasks\At848.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At849.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At850.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At851.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At852.job
2007-08-09 11:31:31 C:\WINDOWS\Tasks\At853.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:42 C:\WINDOWS\Tasks\At854.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At855.job
2007-08-09 14:32:34 C:\WINDOWS\Tasks\At856.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At857.job
2007-08-10 17:33:36 C:\WINDOWS\Tasks\At858.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At859.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At860.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At861.job
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At862.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At863.job
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At864.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At865.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At866.job
2007-08-08 01:39:21 C:\WINDOWS\Tasks\At867.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At868.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At869.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:41 C:\WINDOWS\Tasks\At870.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At871.job
2007-08-04 16:41:47 C:\WINDOWS\Tasks\At872.job
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At873.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At874.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At875.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At876.job
2007-08-09 11:31:33 C:\WINDOWS\Tasks\At877.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:42 C:\WINDOWS\Tasks\At878.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At879.job
2007-08-09 14:32:35 C:\WINDOWS\Tasks\At880.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At881.job
2007-08-10 17:33:37 C:\WINDOWS\Tasks\At882.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At883.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At884.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At885.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At886.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At887.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At888.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At889.job
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At890.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At891.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At892.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At893.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At894.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At895.job
2007-08-04 22:47:46 C:\WINDOWS\Tasks\At896.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At897.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At898.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At899.job
2007-08-09 10:35:50 C:\WINDOWS\Tasks\At900.job
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At901.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:42 C:\WINDOWS\Tasks\At902.job
2007-08-10 14:13:59 C:\WINDOWS\Tasks\At903.job
2007-08-09 14:32:35 C:\WINDOWS\Tasks\At904.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At905.job
2007-08-10 17:33:37 C:\WINDOWS\Tasks\At906.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At907.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At908.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At909.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At910.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At911.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At912.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At913.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At914.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At915.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At916.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At917.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At918.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At919.job
2007-08-05 08:32:22 C:\WINDOWS\Tasks\At920.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At921.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At922.job
2007-08-06 13:24:25 C:\WINDOWS\Tasks\At923.job
2007-08-09 10:35:51 C:\WINDOWS\Tasks\At924.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At925.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:42 C:\WINDOWS\Tasks\At926.job
2007-08-10 14:14:00 C:\WINDOWS\Tasks\At927.job
2007-08-09 14:32:36 C:\WINDOWS\Tasks\At928.job
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At929.job
2007-08-10 17:33:38 C:\WINDOWS\Tasks\At930.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At931.job
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At932.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At933.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At934.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At935.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At936.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At937.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:00 C:\WINDOWS\Tasks\At938.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At939.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At940.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At941.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:44 C:\WINDOWS\Tasks\At942.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At943.job
2007-08-05 15:47:02 C:\WINDOWS\Tasks\At944.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:37 C:\WINDOWS\Tasks\At945.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At946.job
2007-08-06 13:24:26 C:\WINDOWS\Tasks\At947.job
2007-08-09 10:35:51 C:\WINDOWS\Tasks\At948.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At949.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:42 C:\WINDOWS\Tasks\At950.job
2007-08-10 14:14:00 C:\WINDOWS\Tasks\At951.job
2007-08-09 14:32:36 C:\WINDOWS\Tasks\At952.job
2007-08-10 15:45:57 C:\WINDOWS\Tasks\At953.job
2007-08-10 17:33:38 C:\WINDOWS\Tasks\At954.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At955.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At956.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At957.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:40 C:\WINDOWS\Tasks\At958.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At959.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At960.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 23:00:02 C:\WINDOWS\Tasks\At961.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:01 C:\WINDOWS\Tasks\At962.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At963.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At964.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At965.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:45 C:\WINDOWS\Tasks\At966.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At967.job
2007-08-06 07:30:52 C:\WINDOWS\Tasks\At968.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:38 C:\WINDOWS\Tasks\At969.job
2007-08-10 11:14:53 C:\WINDOWS\Tasks\At970.job
2007-08-06 13:24:26 C:\WINDOWS\Tasks\At971.job
2007-08-09 10:35:54 C:\WINDOWS\Tasks\At972.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:35 C:\WINDOWS\Tasks\At973.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:43 C:\WINDOWS\Tasks\At974.job
2007-08-10 14:14:00 C:\WINDOWS\Tasks\At975.job
2007-08-09 14:32:36 C:\WINDOWS\Tasks\At976.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 15:45:58 C:\WINDOWS\Tasks\At977.job
2007-08-10 17:33:38 C:\WINDOWS\Tasks\At978.job
2007-08-09 17:30:12 C:\WINDOWS\Tasks\At979.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 19:32:46 C:\WINDOWS\Tasks\At980.job
2007-08-09 19:00:00 C:\WINDOWS\Tasks\At981.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 21:35:41 C:\WINDOWS\Tasks\At982.job
2007-08-08 00:26:55 C:\WINDOWS\Tasks\At983.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 22:00:00 C:\WINDOWS\Tasks\At984.job
2007-08-09 23:00:03 C:\WINDOWS\Tasks\At985.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 00:00:01 C:\WINDOWS\Tasks\At986.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 01:39:22 C:\WINDOWS\Tasks\At987.job - C:\WINDOWS\system32\winmds.exe
2007-08-08 02:39:49 C:\WINDOWS\Tasks\At988.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 03:32:22 C:\WINDOWS\Tasks\At989.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 04:33:45 C:\WINDOWS\Tasks\At990.job
2007-08-10 06:08:47 C:\WINDOWS\Tasks\At991.job
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At992.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 07:34:38 C:\WINDOWS\Tasks\At993.job
2007-08-10 11:14:54 C:\WINDOWS\Tasks\At994.job
2007-08-06 14:44:02 C:\WINDOWS\Tasks\At995.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 10:35:56 C:\WINDOWS\Tasks\At996.job - C:\WINDOWS\system32\winmds.exe
2007-08-09 11:31:36 C:\WINDOWS\Tasks\At997.job - C:\WINDOWS\system32\winmds.exe
2007-08-10 12:37:43 C:\WINDOWS\Tasks\At998.job
2007-08-10 14:14:00 C:\WINDOWS\Tasks\At999.job
2007-08-10 20:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 22:45:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 22:50:24
C:\ComboFix-quarantined-files.txt ... 2007-08-10 22:49
C:\ComboFix2.txt ... 2007-08-09 12:59
C:\ComboFix3.txt ... 2007-08-08 14:30

--- E O F ---

#14 BigVoice

BigVoice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 10 August 2007 - 05:03 PM

Hello Again, here is the latest Hijackthis log; Logfile of HijackThis v1.99.1
Scan saved at 22:59:21, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\ComputerFix\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8bec1d077a9e40f59a968ea75cd25aa6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8bec1d077a9e40f59a968ea75cd25aa6
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{087D892C-B482-4697-B42D-5E973B7D86E9}: NameServer = 212.67.120.148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 10 August 2007 - 05:29 PM

First make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.
Don't run it just yet.

----------------------------------------------------

Disconnect from the internet and stay off until you'vr finished all the following instructions.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report into your next reply when you've finished below.

-----------------------------------------------------

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
C:\WINDOWS\system32\winmds.exe

Launch SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users