All I Want For Xmas Is This Virus Gone...


26 replies to this topic

#16 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:11:13 AM

Posted 24 January 2008 - 09:24 AM

Hi,

Thanks for the log. :wacko:
Looks like the findstr too long fix worked.
Had it not -- I had a "plan B" ready. :thumbsup:

Copy the following text to a new notepad file.
Save as file name CFScript.txt
Save it to your desktop.

file::
C:\WINDOWS\system32\RCX11A6.tmp
C:\WINDOWS\enexp .exe
C:\aqlwrv.exe
C:\WINDOWS\httpx2.dll

folder::
C:\Program Files\Common Files\ffzo

dirlook::
C:\Program Files\Iquegdrp

renV::
C:\Program Files\Zune\ZuneLauncher.exe

Once saved, close other programs.

Drag CFScript.txt on top of ComboFix.exe

like this:

Posted Image

Post the new ComboFix.txt please.

Note:
Don't click on the combofix window or it might stall

------------------------

Some programs were as you know damaged by vundo.
Some you will need to re-install.
I need an uninstall list first though please.

Open Hijackthis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Click "save list..."
Save list and post it here.

-----------------------

Have a look on the back of your PC for a "service tag"
If you can find that -- please post the number you see here.
We'll need it to look for programs that came with the PC.

-------------------------

I wanna get some protection working asap.
I think we can start repairing stuff now.

Your McAfee...

Download this tool and save it:

http://download.mcafee.com/products/licens...atches/MCPR.exe

Once saved, disconnect from internet and shut down running programs.
Double click MCPR.exe and follow the prompts.
When done it should give you "Cleanup successful" message.

Reboot when told.

Once restarted -- head over to the Comcast site and see if you can get your McAfee re-installed.
Make sure to update it.
If it installed/updated OK -- run full system scan with it and let it clean up what it wants.

Let me know if that went OK.

---------------------

Your SpyBot....

Go to add/remove programs and Uninstall Spybot Search & destroy.
Once uninstalled you can download the new one and install it. (don't activate TeaTimer yet)
Go ahead and do the updates, immunization and such. Just leave TeaTimer off for now.

http://www.safer-networking.org/en/mirrors/index.html

Let me know if that went OK.

Thanks :blink:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware



#17 jenandmen

jenandmen
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 24 January 2008 - 12:29 PM

Thanks Blender!
Nothing is labeled "service tag" on the labels.
It is an HP Pavilion a1616n
numbers on that label are #RR542AA #ABA
and S/N MXX6420 4KT

The Uninstall list is below, the combofix log is attached...I'm off to McAfee

Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player
ATI Control Panel
ATI Display Driver
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
DISCover
DivX
Enhanced Multimedia Keyboard Solution
GemMaster Mystic
Guild Wars
GWFreaks 3.3.0.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HP Web Helper
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Netscape Browser (remove only)
PC-Doctor 5 for Windows
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP (remove only)
Ventrilo Client
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)


#18 Blender


Posted 25 January 2008 - 01:05 PM

Hi,

Looks like we are making good progress. :wacko:
However -- did you get an error this time with combofix?
There should be some registry stuff ---- which is not present in log at all.

Can you post a new Hijackthis log please once done with McAfee & spybot install?

Nothing is labeled "service tag" on the labels.
It is an HP Pavilion a1616n


That works :thumbsup:

Might want to bookmark this page in case you ever need it again:

http://h10025.www1.hp.com/ewfrf/wc/softwar...171&lang=en

I'll have to look through the logs again to see what we need to re-install.
Some stuff ComboFix did fix -- others not.

While waiting for me to get back... couple more installs you can do.

Java is out of date.
Uninstall it from add/remove programs> reboot> and install this one:

http://www.java.com/en/download/index.jsp

Uninstall:

Remove WeatherBug Installer <-- If you get an error saying it's already gone and you're asked if you want it removed from the list -- say OK.

Adobe Reader 7.0.5 <-- out of date & exploitable.

Uninstall it and you can grab the new version here:

http://www.adobe.com/products/acrobat/readstep2.html

Uncheck the Google toolbar if you don't want it before you click "accept".

Install went OK?

Let me know how that all went and I'll look to see what else got busted along the way.

Thanks :blink:

#19 jenandmen


Posted 29 January 2008 - 12:23 PM

We've had a little issue with something nasty the last few days. A red screen and lots of popups for virus protection products. We didn't click on any of them...I've read about that here! When I ran Spybot, it said it cleaned up Virtumonde, Smitfraud and Zlob. But I've done it twice and it seems to be reoccurring. Don't know if this is a new infection or old.
I updated Reader and Java as instructed. I've also tried to strengthen McAfee, but there is no ability to change the User Age settings as indicated in help docs. Once, I briefly caught a glimpse of a screen that looked like it would allow those changes, but it disappeared too fast. Looks to me like some program is blocking access to that feature.
Here is a HijackThis log, just completed after the above mods.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\21Z3K18F\mvtapp[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SXG Advisor - {58DDA832-AEA0-4BCF-BC11-C01A3C51C077} - C:\WINDOWS\dntpkwolox.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: ekxdvft - {DEEAF2E6-CBD6-4E9A-B7A7-C17C7C49F697} - C:\WINDOWS\ekxdvft.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKUS\S-1-5-21-4177565785-1466574445-3010575524-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Danny')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Danny')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1008 User Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe (User 'Danny')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Danny')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bgrlsmn - {B7357718-2655-4C61-BC45-B58B30C4F526} - C:\WINDOWS\bgrlsmn.dll (file missing)
O21 - SSODL: adsoowf - {5A4195B1-6DEC-4D7D-A44C-797928F53EEF} - C:\WINDOWS\adsoowf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

--
End of file - 10168 bytes

#20 Blender


Posted 30 January 2008 - 02:26 AM

Hey :blink:

Sorry for delay.
Looks like you picked up a new(ish) zlob.

Download SDFix and save it to your Desktop.

In the event you already have SDFix, please delete it as this is a new version I need you to download.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Let me know if your McAfee functions return to normal.

Thanks :thumbsup:

#21 jenandmen


Posted 30 January 2008 - 07:09 PM

SDFix: Version 1.133

Run by HP_Administrator on 2008-01-30 at 16:37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\223290~1 - Deleted
C:\PROGRA~1\COMPLU~1\RYDIQY~1 - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\adsoowf.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\dntpkwolox.dll - Deleted
C:\WINDOWS\ffvrdgt.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted



Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 16:55:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13CE.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13ED.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT13F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT140.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT140C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT141.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT142.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT142B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT143.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT144A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1469.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1488.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT14A7.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT14C6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT14E5.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT150.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT151.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT152.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT153.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT154.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT155.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT156.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT157.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT158.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT159.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT15F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT160.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT161.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT162.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT163.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT181.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT182.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT188.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT189.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT18F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT190.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT191.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT192.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT193.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT194.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT195.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT196.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT197.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT198.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT199.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT19F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A0.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A1.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A2.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A3.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A4.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A5.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A6.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A7.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A8.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1A9.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AA.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AB.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AC.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AD.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AE.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1AF.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1B0.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1B1.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1C9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1D0.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1E8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT1EF.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT207.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT20E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT226.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT22D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT245.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT24C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT264.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT26B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT283.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT28A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2A2.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2A9.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2C1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2C8.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2E0.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2E7.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT2FF.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT306.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT31E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT325.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT33D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT344.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT363.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT36A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT382.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT389.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT3A8.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT3C7.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT3E6.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT405.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT424.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT443.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT462.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT481.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT4A0.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT4BF.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT4DE.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT4FD.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT51C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT53B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT55A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT579.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT58.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT598.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT5B7.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT5D6.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT5E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT5F5.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT61.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT614.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT62.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT63.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT633.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT64.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT65.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT652.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT66.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT67.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT68.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT69.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT697.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6A.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6B6.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6C.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6D.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6E.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT6F3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT70.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT71.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT719.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT72.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT73.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT738.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT74.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT75.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT757.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT76.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT77.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT777.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT78.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT79.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT796.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7A.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7B.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7B5.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7C.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7D4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7E.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7F.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT7F3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT80.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT81.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT812.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT82.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT83.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT831.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT84.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT85.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT850.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT86.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT86F.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT87.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT88.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT88E.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT89.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8AD.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8B.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8CC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8EB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT90A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT929.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT948.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT967.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT986.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9A5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9C4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9E3.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA02.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA21.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA40.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA5F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA7E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA9D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITABC.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITADB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAE.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAFA.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB19.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB38.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB57.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB6.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB7.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB76.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB8.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB95.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBA.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBB4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBD3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBE.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBF.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBF2.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC0.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC11.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC30.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC4F.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC5.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC7.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC94.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCA.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCB3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCD2.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCE.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCF.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCF1.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD0.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD1E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD3D.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD5C.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD7B.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD9A.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDA.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDB9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDD8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDF7.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE0.tmp"

Finished!



SDFix: Version 1.133

Run by HP_Administrator on 2008-01-30 at 16:37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\223290~1 - Deleted
C:\PROGRA~1\COMPLU~1\RYDIQY~1 - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\adsoowf.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\dntpkwolox.dll - Deleted
C:\WINDOWS\ffvrdgt.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted



Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 16:55:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8A.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8AD.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8B.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8C.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8CC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8D.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8E.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8EB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT8F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT90A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT929.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT948.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT967.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT986.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9A5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9C4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BIT9E3.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA02.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA21.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA40.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA5F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA7E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITA9D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITABC.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITADB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAE.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITAFA.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB19.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB38.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB57.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB6.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB7.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB76.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB8.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITB95.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBA.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBB4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBD3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBE.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBF.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITBF2.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC0.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC11.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC30.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC4F.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC5.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC7.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITC94.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCA.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCB3.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCC.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCD2.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCE.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCF.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITCF1.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD0.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD1E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD3D.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD5C.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD7B.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITD9A.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDA.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDB9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDD8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITDF7.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE0.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE16.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE3.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE35.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE5.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE54.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE73.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE9.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITE92.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEA.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEB.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEB1.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITED.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITED0.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEE.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEEF.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITEF.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF0.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF0E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF1.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF2.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF2D.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF4C.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF6B.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF7.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITF8A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFA9.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFB.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFC.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFC8.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFD.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\Documents and Settings\Danny.HALLWAY\Local Settings\temp\BITFE7.tmp"
Sun 18 Sep 2005 788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005 13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005 233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005 389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Tue 8 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT56.tmp"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Sun 18 Sep 2005 77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Sun 18 Sep 2005 6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Sun 18 Sep 2005 3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Sun 18 Sep 2005 307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Sun 18 Sep 2005 7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Sun 18 Sep 2005 550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Sun 18 Sep 2005 553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Sun 18 Sep 2005 2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Sun 18 Sep 2005 24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Sun 18 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Sun 18 Sep 2005 748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Sun 18 Sep 2005 7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Sun 18 Sep 2005 86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Sun 18 Sep 2005 45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Sun 18 Sep 2005 5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Sun 18 Sep 2005 4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Sun 18 Sep 2005 360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Sun 18 Sep 2005 40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Sun 18 Sep 2005 473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Sun 18 Sep 2005 12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Sun 18 Sep 2005 516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Sun 18 Sep 2005 597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Sun 18 Sep 2005 590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Sun 18 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Sun 18 Sep 2005 49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Sun 18 Sep 2005 61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Sun 18 Sep 2005 3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"

Finished!

#22 jenandmen


Posted 30 January 2008 - 07:54 PM

McAfee has been uninstalled and then reinstalled, and seems to be working now.

This is getting really old.

Thank you for your help.

#23 jenandmen


Posted 31 January 2008 - 02:28 AM

Looks like I may have posted the SD Fix log twice instead of the HiJack This log...
I'll grab that in the morning.
JP

#24 Blender


Posted 31 January 2008 - 06:15 AM

Hi,

Sorry for delay. Bad weather here kept me away.

In addition to the new Hijackthis log can you also grab a log from the following please:

Please download this file and save it to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C: ), and launch from there.


***Note : "process.exe" is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
It is safe to allow this file.

Please do not use Option 2 unless told! This tool targets specific threats and the fix portion should not be run unless needed.

Thanks
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!


#25 jenandmen


Posted 31 January 2008 - 10:42 AM

the hijack this file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-21-4177565785-1466574445-3010575524-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alex')
O4 - HKUS\S-1-5-21-4177565785-1466574445-3010575524-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Alex')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1009 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Alex')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1009 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Alex')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1009 User Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe (User 'Alex')
O4 - S-1-5-21-4177565785-1466574445-3010575524-1009 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Alex')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0161881201740058) (0161881201740058mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\016188~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

--
End of file - 9978 bytes

#26 jenandmen


Posted 31 January 2008 - 10:50 AM

SmitFraudFix v2.277

Scan done at 8:48:50.03, 2008-01-31
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ hosts


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\Web


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system32


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system32\LogFiles


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\HP_Administrator


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\HP_Administrator\Application Data


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Start Menu


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\DOCUME~1\HP_ADM~1\FAVORI~1


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Program Files


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Corrupted keys


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Rustock



╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ DNS

Description: D-Link Air DWL-520 Wireless PCI Adapter(rev.D) - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: D-Link Air DWL-520 Wireless PCI Adapter(rev.D) - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{38B94D52-A9C4-41A0-B1E0-3C791A842089}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{38B94D52-A9C4-41A0-B1E0-3C791A842089}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{38B94D52-A9C4-41A0-B1E0-3C791A842089}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Scanning for wininet.dll infection


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ End

#27 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 01 February 2008 - 01:07 AM

Hi,

Smitfraud log looks OK. SDFix cleaned it all out.
Hijackthis looks OK.
Question regarding Hijackthis..
Do you still have Morpheus installed? Limewire?

These you will want to disable from his startup (on his account) to help speed things up.
One does not need these apps running at boot up and they can hog a lot of resources while up/downloads are going on.
Furthermore -- the apps themselves may be OK but many of the downloads are unsafe.

If p2p programs are a "must have" please scan everything you download before use.

How is everything else working?
Any programs not working?

Should clean up temp files..

Please download ATF Cleaner by Atribune.
  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Java Cache
      Recycle bin
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • Click Exit on the Main menu to close the program.

Restart computer and let me know how things are running.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware