
Downloader & Vundo Trojans


  • This topic is locked
9 replies to this topic

#1 Large M.D.

Posted 17 December 2007 - 10:16 PM

A few weeks ago my McAfee informed me that it had spotted and removed two files for the downloader-a trojan and one file for Vundo trojan. This message kept coming back over and over. As time went on, websites I would visit that I had been to many times before (e.g. CBS Sportsline) started having strange ads appear for Spyware, and warning boxes kept saying I may be infected with a virus or that someone would be able to view websites I had visited. We stopped using the computer as much as we could. Then from my work computer I found your site and decided I would follow these procedures. I have run Ad-Aware, Spybot, the Avert stinger, enabled a Sygate personal firewall, and have always had the McAfee and Microsoft auto updates on. In the past couple of days, even after the first few steps of your process, some pretty racy websites have come up mysteriously when we would accidentally leave Explorer open. Please help!!! Following is my Hijack This log. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:50 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINNT\MXOaldr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NLI] C:\PROGRA~1\FitSense\nli.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [c0d25d03] rundll32.exe "C:\WINNT\system32\gdacgkgd.dll",b
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P5 /q C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\ZACNZPSP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\Y1CBYHA1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\WV1NEA7H.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\W5U7S5AR.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\VRSWJY3W.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\VE1CV2AF.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\R7CNHII7.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\QLWRE5ID.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\P3NVP50A.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\O3B32W1L.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\O10JSNCR.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\GXYRSTUV.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\GHUZENU7.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1\Content.IE5\FQBXVLIH.SH! C:\DOCUME~1\Owner\LOC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/054964e31fd07c2cbb03/netzip/RdxIE2.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O23 - Service: McAfee Application Installer Cleanup (0322291197791432) (0322291197791432mcinstcleanup) - McAfee, Inc. - C:\WINNT\TEMP\032229~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoWhat Registry Service (AutoWhatService) - Ziff Davis Media, Inc. - C:\Program Files\AutoWhat\Autoserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINNT\system32\erpgtiyf.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PictureTaker - LANovation - c:\fixit\pt\PCTKRNT.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12015 bytes


#2 RichieUK

Posted 18 December 2007 - 06:27 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Large M.D.
My name is Richie and I'll be helping you to fix your problems.

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 Large M.D.

Posted 19 December 2007 - 01:02 AM

Thanks for your quick response and help. I have attempted to do everything you listed including removing Viewpoint. Here are the logs:

VUNDOFIX.txt:
VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 8:38:57 PM 12/18/2007

Listing files found while scanning....

C:\WINNT\system32\aedxunmk.dll
C:\WINNT\system32\anatexjf.dll
C:\WINNT\system32\awttqpo.dll
C:\WINNT\system32\bndkilak.dll
C:\WINNT\system32\dgkgcadg.ini
C:\WINNT\system32\ebmpaems.dll
C:\WINNT\system32\gdacgkgd.dll
C:\WINNT\system32\gjlyqjlr.dll
C:\WINNT\system32\hoyssuyh.dll
C:\WINNT\system32\kalikdnb.ini
C:\WINNT\system32\lbvudqsm.dll
C:\WINNT\system32\mamyuqur.dll
C:\WINNT\system32\mljji.dll
C:\WINNT\system32\mnlgrmpa.dll
C:\WINNT\system32\psfxmygr.exe
C:\WINNT\system32\qadfxdtv.dll
C:\WINNT\system32\qfvieauy.dll
C:\WINNT\system32\qhryhuhg.dll
C:\WINNT\system32\ratoedhk.dll
C:\WINNT\system32\rovjfntl.dll
C:\WINNT\system32\toebwlie.dll
C:\WINNT\system32\udausxnc.exe
C:\WINNT\system32\ujxfltnv.dll
C:\WINNT\system32\wbphktwn.dll
C:\WINNT\system32\wtlavqdj.dll
C:\WINNT\system32\yqkpwbia.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\aedxunmk.dll
C:\WINNT\system32\aedxunmk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\anatexjf.dll
C:\WINNT\system32\anatexjf.dll Has been deleted!

Attempting to delete C:\WINNT\system32\bndkilak.dll
C:\WINNT\system32\bndkilak.dll Has been deleted!

Attempting to delete C:\WINNT\system32\dgkgcadg.ini
C:\WINNT\system32\dgkgcadg.ini Has been deleted!

Attempting to delete C:\WINNT\system32\ebmpaems.dll
C:\WINNT\system32\ebmpaems.dll Has been deleted!

Attempting to delete C:\WINNT\system32\gdacgkgd.dll
C:\WINNT\system32\gdacgkgd.dll Has been deleted!

Attempting to delete C:\WINNT\system32\gjlyqjlr.dll
C:\WINNT\system32\gjlyqjlr.dll Has been deleted!

Attempting to delete C:\WINNT\system32\hoyssuyh.dll
C:\WINNT\system32\hoyssuyh.dll Has been deleted!

Attempting to delete C:\WINNT\system32\kalikdnb.ini
C:\WINNT\system32\kalikdnb.ini Has been deleted!

Attempting to delete C:\WINNT\system32\lbvudqsm.dll
C:\WINNT\system32\lbvudqsm.dll Has been deleted!

Attempting to delete C:\WINNT\system32\mamyuqur.dll
C:\WINNT\system32\mamyuqur.dll Has been deleted!

Attempting to delete C:\WINNT\system32\mljji.dll
C:\WINNT\system32\mljji.dll Could not be deleted.

Attempting to delete C:\WINNT\system32\mnlgrmpa.dll
C:\WINNT\system32\mnlgrmpa.dll Has been deleted!

Attempting to delete C:\WINNT\system32\psfxmygr.exe
C:\WINNT\system32\psfxmygr.exe Has been deleted!

Attempting to delete C:\WINNT\system32\qadfxdtv.dll
C:\WINNT\system32\qadfxdtv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\qfvieauy.dll
C:\WINNT\system32\qfvieauy.dll Has been deleted!

Attempting to delete C:\WINNT\system32\qhryhuhg.dll
C:\WINNT\system32\qhryhuhg.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ratoedhk.dll
C:\WINNT\system32\ratoedhk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\rovjfntl.dll
C:\WINNT\system32\rovjfntl.dll Has been deleted!

Attempting to delete C:\WINNT\system32\toebwlie.dll
C:\WINNT\system32\toebwlie.dll Has been deleted!

Attempting to delete C:\WINNT\system32\udausxnc.exe
C:\WINNT\system32\udausxnc.exe Has been deleted!

Attempting to delete C:\WINNT\system32\ujxfltnv.dll
C:\WINNT\system32\ujxfltnv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wbphktwn.dll
C:\WINNT\system32\wbphktwn.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wtlavqdj.dll
C:\WINNT\system32\wtlavqdj.dll Has been deleted!

Attempting to delete C:\WINNT\system32\yqkpwbia.dll
C:\WINNT\system32\yqkpwbia.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINNT\system32\mljji.dll
C:\WINNT\system32\mljji.dll Has been deleted!

Performing Repairs to the registry.
Done!



COMBOFIX.txt:
ComboFix 07-12-19.3 - Owner 2007-12-18 22:44:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.621 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\abW9
C:\WINNT\cookies.ini
C:\WINNT\hg173.exe
C:\WINNT\system32\ldinfo.ldr
C:\WINNT\system32\pac.txt
C:\WINNT\system32\rMa17yy

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-18 21:15 . 2007-12-18 20:35 797,348 --ahs---- C:\WINNT\system32\ijjlm.ini
2007-12-18 20:35 . 2007-12-18 20:35 947,210 ---hs---- C:\WINNT\system32\khdeotar.ini
2007-12-18 20:32 . 2007-12-18 20:32 796,755 ---hs---- C:\WINNT\system32\ijjlm.bak1
2007-12-17 20:15 . 2007-12-17 20:15 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 11:02 . 2007-12-15 11:02 947,210 ---hs---- C:\WINNT\system32\hyussyoh.ini
2007-12-15 10:58 . 2007-12-15 11:01 947,090 ---hs---- C:\WINNT\system32\oeyuhvvf.ini
2007-12-15 01:15 . 2004-10-15 18:32 83,096 --a------ C:\WINNT\system32\SSSensor.dll
2007-12-15 01:15 . 2004-10-15 18:17 60,496 --a------ C:\WINNT\system32\drivers\Teefer.sys
2007-12-15 01:15 . 2004-10-15 18:18 21,075 --a------ C:\WINNT\system32\drivers\wpsdrvnt.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg6n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg5n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg4n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg3n.sys
2007-12-15 01:14 . 2007-12-15 01:14 <DIR> d-------- C:\Program Files\Sygate
2007-12-13 20:44 . 2007-12-14 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 17:40 . 2007-12-13 20:41 948,026 --ahs---- C:\WINNT\system32\eilwbeot.ini
2007-12-10 23:50 . 2007-12-13 17:37 1,076,321 --ahs---- C:\WINNT\system32\ruquymam.ini
2007-12-09 21:27 . 2007-12-10 23:50 996,066 --ahs---- C:\WINNT\system32\ikvltejp.ini
2007-12-08 21:30 . 2007-12-09 10:29 969,647 --ahs---- C:\WINNT\system32\xcpkhisx.ini
2007-12-07 20:23 . 2007-12-08 01:31 1,126,990 --ahs---- C:\WINNT\system32\pypodmah.ini
2007-12-07 10:28 . 2007-12-07 10:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-12-06 20:23 . 2007-12-06 20:23 1,241,689 --ahs---- C:\WINNT\system32\bbyheywj.ini
2007-12-05 22:54 . 2007-12-05 22:54 143 --a------ C:\WINNT\system32\mcrh.tmp
2007-12-05 20:40 . 2007-12-05 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-05 20:40 . 2007-12-05 20:40 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 19:46 . 2007-12-06 17:40 1,472,307 --ahs---- C:\WINNT\system32\apmrglnm.ini
2007-12-05 18:24 . 2007-10-10 18:55 6,065,664 --------- C:\WINNT\system32\dllcache\ieframe.dll
2007-12-05 18:24 . 2007-04-17 04:32 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2007-12-05 18:24 . 2007-03-08 00:10 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2007-12-05 18:24 . 2007-10-10 18:55 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2007-12-05 18:24 . 2007-10-10 18:55 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2007-12-05 18:24 . 2007-10-10 18:55 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2007-12-05 18:24 . 2007-10-10 18:55 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2007-12-05 18:24 . 2007-10-10 18:55 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2007-12-05 18:24 . 2007-10-10 05:59 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2007-12-05 18:12 . 2006-06-03 06:40 33,792 --a------ C:\WINNT\system32\dllcache\SET11.tmp
2007-12-05 18:10 . 2006-03-23 23:37 49,152 --a------ C:\WINNT\system32\SETA.tmp
2007-12-03 18:41 . 2007-12-05 19:44 804,940 --ahs---- C:\WINNT\system32\aibwpkqy.ini
2007-12-02 22:34 . 2007-12-03 18:39 793,913 --ahs---- C:\WINNT\system32\qoligvyy.ini
2007-12-01 22:37 . 2007-12-02 17:47 793,862 --ahs---- C:\WINNT\system32\cvbxtqpr.ini
2007-11-30 22:34 . 2007-12-01 22:34 793,784 --ahs---- C:\WINNT\system32\cvmvcggt.ini
2007-11-30 20:13 . 2007-11-30 22:28 793,742 --ahs---- C:\WINNT\system32\vntlfxju.ini
2007-11-29 23:18 . 2007-12-18 21:17 797,514 ---hs---- C:\WINNT\system32\ijjlm.ini2
2007-11-29 22:53 . 2007-11-29 23:18 807,359 --ahs---- C:\WINNT\system32\ijjlm.tmp
2007-11-29 22:53 . 2007-12-18 22:54 54,156 --ah----- C:\WINNT\QTFont.qfn
2007-11-29 22:53 . 2007-11-29 22:53 1,409 --a------ C:\WINNT\QTFont.for
2007-11-29 22:51 . 2007-11-29 22:52 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 22:51 . 2007-11-29 22:51 <DIR> d-------- C:\Program Files\iPod
2007-11-29 00:15 . 2007-11-29 22:15 788,945 --ahs---- C:\WINNT\system32\arlrmhea.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 01:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-19 01:09 --------- d-----w C:\Program Files\McAfee
2007-12-14 09:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-14 05:10 --------- dc----w C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-06 01:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 03:48 --------- d-----w C:\Program Files\QuickTime
2007-11-14 23:18 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 10:25 20,480 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2007-11-11 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\ReGet Junior
2007-11-08 05:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\LegalSounds
2007-11-01 03:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-10-23 15:21 --------- d-----w C:\Program Files\Coupons
2007-08-03 05:13 83,480 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 19:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2001-08-18 17:00 94,784 -csh--w C:\WINNT\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINNT\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINNT\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINNT\system32\msvcp60.dll
2004-08-04 07:56 11,776 --sha-w C:\WINNT\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E101B62-C40A-4E91-A85F-523E23640193}]
C:\WINNT\system32\mljji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6e6ae72-d8f0-4a8a-af33-09fcf5050459}]
C:\WINNT\system32\wtlavqdj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBF6AF50-64AD-4FA4-AA23-8AA92323C811}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"WebCamRT.exe"="" []
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 07:23]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 07:24]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 07:26]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 C:\WINNT\system32\SK9910DM.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-03-06 10:08 C:\WINNT\GWMDMMSG.exe]
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"GWMDMpi"="C:\WINNT\GWMDMpi.exe" [2002-03-06 10:08]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 18:01 C:\WINNT\system32\CTHELPER.EXE]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 08:11]
"DXM6Patch_981116"="C:\WINNT\p_981116.exe" [1998-11-30 17:04]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"NLI"="C:\PROGRA~1\FitSense\nli.exe" []
"aiepk"="C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe" [2003-02-02 20:12]
"SM1BG"="C:\WINNT\SM1BG.EXE" [2003-08-27 14:20]
"MaxtorCombo"="C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe" [2002-07-15 20:23]
"MXO Auto Loader"="C:\WINNT\MXOaldr.exe" [2002-08-09 18:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"c0d25d03"="C:\WINNT\system32\ratoedhk.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINNT\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2004-08-16 22:19:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqpo]
awttqpo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 HPFECP15;HPFECP15;C:\WINNT\system32\drivers\HPFECP15.SYS [1998-09-04 02:32]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 WinDriver;WinDriver Kernel Module;C:\WINNT\system32\Drivers\windrvr.sys [2003-01-09 20:13]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINNT\system32\drivers\WmBEnum.sys [2001-06-29 13:03]
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINNT\system32\drivers\WmXlCore.sys [2001-06-29 13:03]
S3 AutoWhatService;AutoWhat Registry Service;C:\Program Files\AutoWhat\Autoserv.exe [2002-03-18 09:15]
S3 iscFlash;iscFlash;C:\WINNT\SYSTEM32\DRIVERS\iscflash.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 RiotDrv;Rio Riot driver;C:\WINNT\system32\Drivers\RiotDrv.sys [2002-02-20 08:45]
S3 RIOUNIV;Rio universal USB driver;C:\WINNT\system32\Drivers\RIOUNIV.sys [2003-06-27 15:01]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINNT\system32\drivers\WmFilter.sys [2001-06-29 13:03]
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINNT\system32\drivers\WmVirHid.sys [2001-06-29 13:03]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 04:50:11 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 04:51:02 C:\WINNT\Tasks\EasyShare Registration Task.job"
- C:\WINNT\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2002-05-22 02:07:46 C:\WINNT\Tasks\ISP signup reminder 2.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2002-05-22 02:07:46 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2007-12-15 06:40:13 C:\WINNT\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe%
"2007-12-01 06:00:12 C:\WINNT\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 22:56:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNFPS.DLL
.
Completion time: 2007-12-18 22:58:24 - machine was rebooted
.
2007-12-14 08:20:28 --- E O F ---


HIJACKTHIS as ABC.bat log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:00 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINNT\MXOaldr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9E101B62-C40A-4E91-A85F-523E23640193} - C:\WINNT\system32\mljji.dll (file missing)
O2 - BHO: {9540505f-cf90-33fa-a8a4-0f8d27ea6e6b} - {b6e6ae72-d8f0-4a8a-af33-09fcf5050459} - C:\WINNT\system32\wtlavqdj.dll (file missing)
O2 - BHO: (no name) - {FBF6AF50-64AD-4FA4-AA23-8AA92323C811} - (no file)
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NLI] C:\PROGRA~1\FitSense\nli.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [c0d25d03] rundll32.exe "C:\WINNT\system32\ratoedhk.dll",b
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/054964e31fd07c2cbb03/netzip/RdxIE2.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O20 - Winlogon Notify: awttqpo - awttqpo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoWhat Registry Service (AutoWhatService) - Ziff Davis Media, Inc. - C:\Program Files\AutoWhat\Autoserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PictureTaker - LANovation - c:\fixit\pt\PCTKRNT.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 10621 bytes

#4 RichieUK

Posted 19 December 2007 - 08:47 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINNT\system32\ijjlm.ini
C:\WINNT\system32\khdeotar.ini
C:\WINNT\system32\ijjlm.bak1
C:\WINNT\system32\hyussyoh.ini
C:\WINNT\system32\oeyuhvvf.ini
C:\WINNT\system32\eilwbeot.ini
C:\WINNT\system32\ruquymam.ini
C:\WINNT\system32\ikvltejp.ini
C:\WINNT\system32\xcpkhisx.ini
C:\WINNT\system32\pypodmah.ini
C:\WINNT\system32\bbyheywj.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\apmrglnm.ini
C:\WINNT\system32\aibwpkqy.ini
C:\WINNT\system32\qoligvyy.ini
C:\WINNT\system32\cvbxtqpr.ini
C:\WINNT\system32\cvmvcggt.ini
C:\WINNT\system32\vntlfxju.ini
C:\WINNT\system32\ijjlm.ini2
C:\WINNT\system32\ijjlm.tmp
C:\WINNT\system32\arlrmhea.ini
Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Owner\Application Data\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E101B62-C40A-4E91-A85F-523E23640193}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6e6ae72-d8f0-4a8a-af33-09fcf5050459}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBF6AF50-64AD-4FA4-AA23-8AA92323C811}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aiepk"=-
"c0d25d03"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqpo]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 Large M.D.

Posted 19 December 2007 - 12:55 PM

Things seem to be moving faster and no new popups or websites are coming up. So looking much better. Below are the Combofix and HijackThis logs.

COMBOFIX.txt:
ComboFix 07-12-19.3 - Owner 2007-12-19 12:38:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.595 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINNT\system32\aibwpkqy.ini
C:\WINNT\system32\apmrglnm.ini
C:\WINNT\system32\arlrmhea.ini
C:\WINNT\system32\bbyheywj.ini
C:\WINNT\system32\cvbxtqpr.ini
C:\WINNT\system32\cvmvcggt.ini
C:\WINNT\system32\eilwbeot.ini
C:\WINNT\system32\hyussyoh.ini
C:\WINNT\system32\ijjlm.bak1
C:\WINNT\system32\ijjlm.ini
C:\WINNT\system32\ijjlm.ini2
C:\WINNT\system32\ijjlm.tmp
C:\WINNT\system32\ikvltejp.ini
C:\WINNT\system32\khdeotar.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\oeyuhvvf.ini
C:\WINNT\system32\pypodmah.ini
C:\WINNT\system32\qoligvyy.ini
C:\WINNT\system32\ruquymam.ini
C:\WINNT\system32\vntlfxju.ini
C:\WINNT\system32\xcpkhisx.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\112068743.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\119964245.713836888
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1382942631.713836864
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1385887584.713836838
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1418335590.713836807
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1502688009.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1577542455.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1628836757.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1669572585.712536032
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1838517554.712536007
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\2021793278.712535944
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\325080828.MTZ
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\489659170.712536061
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\581741786.713836754
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\582067880.712535985
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\746857229.713836914
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\770800983.712535978
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\794103338.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\851336175.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\879056853.712535933
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\932053967.712536014
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\978763745.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\980018594.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\UpdateVersionList_v2.mtx
C:\Documents and Settings\Owner\Application Data\Viewpoint
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\537495854.mtj&p2=1&p3=10751418062453432600966424857919&p4=50463258
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\WINNT\system32\aibwpkqy.ini
C:\WINNT\system32\apmrglnm.ini
C:\WINNT\system32\arlrmhea.ini
C:\WINNT\system32\bbyheywj.ini
C:\WINNT\system32\cvbxtqpr.ini
C:\WINNT\system32\cvmvcggt.ini
C:\WINNT\system32\eilwbeot.ini
C:\WINNT\system32\hyussyoh.ini
C:\WINNT\system32\ijjlm.bak1
C:\WINNT\system32\ijjlm.ini
C:\WINNT\system32\ijjlm.ini2
C:\WINNT\system32\ijjlm.tmp
C:\WINNT\system32\ikvltejp.ini
C:\WINNT\system32\khdeotar.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\oeyuhvvf.ini
C:\WINNT\system32\pypodmah.ini
C:\WINNT\system32\qoligvyy.ini
C:\WINNT\system32\ruquymam.ini
C:\WINNT\system32\vntlfxju.ini
C:\WINNT\system32\xcpkhisx.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-19 05:05 . 2007-12-19 05:05 <DIR> d-------- C:\WINNT\LastGood
2007-12-17 20:15 . 2007-12-17 20:15 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 01:15 . 2004-10-15 18:32 83,096 --a------ C:\WINNT\system32\SSSensor.dll
2007-12-15 01:15 . 2004-10-15 18:17 60,496 --a------ C:\WINNT\system32\drivers\Teefer.sys
2007-12-15 01:15 . 2004-10-15 18:18 21,075 --a------ C:\WINNT\system32\drivers\wpsdrvnt.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg6n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg5n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg4n.sys
2007-12-15 01:15 . 2004-10-15 18:32 14,568 --a------ C:\WINNT\system32\drivers\wg3n.sys
2007-12-15 01:14 . 2007-12-15 01:14 <DIR> d-------- C:\Program Files\Sygate
2007-12-13 20:44 . 2007-12-14 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-05 20:40 . 2007-12-05 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-05 20:40 . 2007-12-05 20:40 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 18:24 . 2007-10-10 18:55 6,065,664 --------- C:\WINNT\system32\dllcache\ieframe.dll
2007-12-05 18:24 . 2007-04-17 04:32 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2007-12-05 18:24 . 2007-03-08 00:10 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2007-12-05 18:24 . 2007-10-10 18:55 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2007-12-05 18:24 . 2007-10-10 18:55 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2007-12-05 18:24 . 2007-10-10 18:55 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2007-12-05 18:24 . 2007-10-10 18:55 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2007-12-05 18:24 . 2007-10-10 18:55 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2007-12-05 18:24 . 2007-10-10 05:59 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2007-12-05 18:12 . 2006-06-03 06:40 33,792 --a------ C:\WINNT\system32\dllcache\SET11.tmp
2007-12-05 18:10 . 2006-03-23 23:37 49,152 --a------ C:\WINNT\system32\SETA.tmp
2007-11-29 22:53 . 2007-12-18 22:54 54,156 --ah----- C:\WINNT\QTFont.qfn
2007-11-29 22:53 . 2007-11-29 22:53 1,409 --a------ C:\WINNT\QTFont.for
2007-11-29 22:51 . 2007-11-29 22:52 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 22:51 . 2007-11-29 22:51 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 10:05 --------- d-----w C:\Program Files\McAfee
2007-12-14 09:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-14 05:10 --------- dc----w C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-06 01:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 03:48 --------- d-----w C:\Program Files\QuickTime
2007-11-14 23:18 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 10:25 20,480 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2007-11-11 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\ReGet Junior
2007-11-08 05:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\LegalSounds
2007-11-01 03:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-10-30 23:42 3,590,656 ------w C:\WINNT\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINNT\system32\dllcache\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINNT\system32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINNT\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINNT\system32\dllcache\shell32.dll
2007-10-23 15:21 --------- d-----w C:\Program Files\Coupons
2007-10-10 23:56 824,832 ------w C:\WINNT\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINNT\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINNT\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINNT\system32\dllcache\mstime.dll
2007-10-10 23:55 478,208 ------w C:\WINNT\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINNT\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINNT\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINNT\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINNT\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINNT\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINNT\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINNT\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINNT\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINNT\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINNT\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINNT\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINNT\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINNT\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINNT\system32\dllcache\ieakui.dll
2007-08-03 05:13 83,480 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 19:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
1996-12-19 21:34 52,736 -c--a-w C:\WINNT\Fonts\_ISREG32.DLL
2001-08-18 17:00 94,784 -csh--w C:\WINNT\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINNT\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINNT\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINNT\system32\msvcp60.dll
2004-08-04 07:56 11,776 --sha-w C:\WINNT\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-18_22.57.29.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 09:08:47 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-19 14:44:31 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 09:08:47 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-19 14:44:31 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-18 09:08:47 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-19 14:44:31 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"WebCamRT.exe"="" []
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 07:23]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 07:24]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 07:26]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 C:\WINNT\system32\SK9910DM.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-03-06 10:08 C:\WINNT\GWMDMMSG.exe]
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"GWMDMpi"="C:\WINNT\GWMDMpi.exe" [2002-03-06 10:08]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 18:01 C:\WINNT\system32\CTHELPER.EXE]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 08:11]
"DXM6Patch_981116"="C:\WINNT\p_981116.exe" [1998-11-30 17:04]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"NLI"="C:\PROGRA~1\FitSense\nli.exe" []
"SM1BG"="C:\WINNT\SM1BG.EXE" [2003-08-27 14:20]
"MaxtorCombo"="C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe" [2002-07-15 20:23]
"MXO Auto Loader"="C:\WINNT\MXOaldr.exe" [2002-08-09 18:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINNT\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2004-08-16 22:19:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 HPFECP15;HPFECP15;C:\WINNT\system32\drivers\HPFECP15.SYS [1998-09-04 02:32]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 WinDriver;WinDriver Kernel Module;C:\WINNT\system32\Drivers\windrvr.sys [2003-01-09 20:13]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINNT\system32\drivers\WmBEnum.sys [2001-06-29 13:03]
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINNT\system32\drivers\WmXlCore.sys [2001-06-29 13:03]
S2 0203761198058730mcinstcleanup;McAfee Application Installer Cleanup (0203761198058730);C:\WINNT\TEMP\020376~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 AutoWhatService;AutoWhat Registry Service;C:\Program Files\AutoWhat\Autoserv.exe [2002-03-18 09:15]
S3 iscFlash;iscFlash;C:\WINNT\SYSTEM32\DRIVERS\iscflash.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 RiotDrv;Rio Riot driver;C:\WINNT\system32\Drivers\RiotDrv.sys [2002-02-20 08:45]
S3 RIOUNIV;Rio universal USB driver;C:\WINNT\system32\Drivers\RIOUNIV.sys [2003-06-27 15:01]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINNT\system32\drivers\WmFilter.sys [2001-06-29 13:03]
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINNT\system32\drivers\WmVirHid.sys [2001-06-29 13:03]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 04:50:11 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 04:51:02 C:\WINNT\Tasks\EasyShare Registration Task.job"
- C:\WINNT\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2002-05-22 02:07:46 C:\WINNT\Tasks\ISP signup reminder 2.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2002-05-22 02:07:46 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2007-12-15 06:40:13 C:\WINNT\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe%
"2007-12-01 06:00:12 C:\WINNT\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 12:43:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 12:45:17
C:\ComboFix2.txt ... 2007-12-18 22:58
.


HijackThis as xyz.bat log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:19 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads\aiepk2.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINNT\MXOaldr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\xyz.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NLI] C:\PROGRA~1\FitSense\nli.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/054964e31fd07c2cbb03/netzip/RdxIE2.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O23 - Service: McAfee Application Installer Cleanup (0203761198058730) (0203761198058730mcinstcleanup) - Unknown owner - C:\WINNT\TEMP\020376~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoWhat Registry Service (AutoWhatService) - Ziff Davis Media, Inc. - C:\Program Files\AutoWhat\Autoserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PictureTaker - LANovation - c:\fixit\pt\PCTKRNT.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 10292 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 December 2007 - 02:51 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [NLI] C:\PROGRA~1\FitSense\nli.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, and when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#7 Large M.D.

Large M.D.
  • Topic Starter

  • Members
  • 5 posts

Posted 21 December 2007 - 12:30 AM

I can't thank you enough for all your help and super-prompt responses. I have completed your suggestions per above. PC seems to be running great. It did shut down on its own for no reason today right after I started these tasks, but otherwise it has been running smoothly and quickly.

Here is the SuperAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2007 at 06:55 PM

Application Version : 3.9.1008

Core Rules Database Version : 3364
Trace Rules Database Version: 1363

Scan type : Complete Scan
Total Scan Time : 01:04:13

Memory items scanned : 497
Memory threats detected : 0
Registry items scanned : 6575
Registry threats detected : 6
File items scanned : 41060
File threats detected : 8

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{714E3D02-7252-427B-8E8B-226B95CCED91}
HKCR\CLSID\{714E3D02-7252-427B-8E8B-226B95CCED91}
HKCR\CLSID\{714E3D02-7252-427B-8E8B-226B95CCED91}\InprocServer32
HKCR\CLSID\{714E3D02-7252-427B-8E8B-226B95CCED91}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\MLJJI.DLL

Registry Cleaner Trial
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Trojan.Downloader-Gen/Cool
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\COOL.DLL.Q_7D81006_Q
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1938\A0187567.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@synacor.112.2o7[1].txt

And here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:47 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINNT\MXOaldr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\xyz.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Jr. - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/054964e31fd07c2cbb03/netzip/RdxIE2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0026931198183762) (0026931198183762mcinstcleanup) - Unknown owner - C:\WINNT\TEMP\002693~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoWhat Registry Service (AutoWhatService) - Ziff Davis Media, Inc. - C:\Program Files\AutoWhat\Autoserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PictureTaker - LANovation - c:\fixit\pt\PCTKRNT.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 10263 bytes

Edited by Large M.D., 21 December 2007 - 12:33 AM.
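
As an added example (not part of the original post or any tool's own code), the cross-check a helper performs by eye on these two logs can be scripted: collect the CLSIDs and file names SUPERAntiSpyware detected, then look for them in the follow-up HijackThis entries. The function names are hypothetical, the log lines are copied from the post above, and the last line is constructed to show what a hit looks like.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
IS_ITEM = re.compile(r"^(HK[A-Z]+\\|[A-Za-z]:\\)")      # registry key or file path
IS_FILE = re.compile(r"^[A-Za-z]:\\")

def parse_sas_detections(text):
    """Map each SUPERAntiSpyware threat name to the registry/file items under it."""
    threats, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if IS_ITEM.match(line):
            if current:
                threats.setdefault(current, []).append(line)
        else:
            current = line  # a non-item line starts a new threat group
    return threats

def indicators(threats):
    """CLSIDs and file names taken from the detected items, upper-cased."""
    found = set()
    for item in (i for items in threats.values() for i in items):
        found.update(c.upper() for c in CLSID.findall(item))
        if IS_FILE.match(item):
            found.add(item.rsplit("\\", 1)[-1].upper())
    return found

def leftovers(hjt_text, iocs):
    """HijackThis entries that still mention any indicator (substring match)."""
    hits = []
    for line in map(str.strip, hjt_text.splitlines()):
        m = HJT_ENTRY.match(line)
        if m and any(i in line.upper() for i in iocs):
            hits.append((m.group(1), m.group(2)))
    return hits

# Lines copied from the two logs in the post above.
SAS_LOG = r"""Adware.Vundo Variant
HKCR\CLSID\{714E3D02-7252-427B-8E8B-226B95CCED91}\InprocServer32
C:\WINNT\SYSTEM32\MLJJI.DLL

Trojan.Downloader-Gen/Cool
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\COOL.DLL.Q_7D81006_Q
"""
HJT_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
# Constructed line (not from the thread): a BHO entry that still loads the detected DLL.
CONSTRUCTED = r"O2 - BHO: (no name) - {714E3D02-7252-427B-8E8B-226B95CCED91} - C:\WINNT\system32\mljji.dll"
```

An empty result from `leftovers(HJT_LOG, indicators(parse_sas_detections(SAS_LOG)))` means none of the removed items is referenced by a remaining load point; it says nothing about items the scanner never detected.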


#8 RichieUK

  • Malware Response Team

Posted 21 December 2007 - 08:04 AM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.


Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

#9 Large M.D.

  • Topic Starter

Posted 23 December 2007 - 12:49 PM

These steps are completed. Thanks for all your help! It's like I got a new computer (one I can actually use) for Christmas.

#10 RichieUK

  • Malware Response Team

Posted 23 December 2007 - 04:30 PM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.