Help With Removing Vundo



#1 Serj27

Posted 26 January 2008 - 01:51 AM

Hi, I just need help with getting rid of the Vundo virus. I have all the symptoms of it, including all those pos TMP files on my C: drive.

Any help would be great.

I already have VundoFix and HiJackThis

Thanks



#2 Serj27


Posted 26 January 2008 - 01:55 AM

This is my log btw


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:03 AM, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Serj\Desktop\HiJackThis.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Rainmeter\Rainmeter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {49D63E18-33B1-46F2-82C2-39431FB94794} - C:\WINDOWS\system32\fcccdbc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {a90def2e-e7d1-01e8-67c4-1e4ac50dd14b} - {b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a} - C:\WINDOWS\system32\utuddbyf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642} - C:\WINDOWS\system32\geeba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [208c45d4] rundll32.exe "C:\WINDOWS\system32\xxiaphvr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Logomulti] C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O22 - SharedTaskScheduler: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - (no file)
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 13358 bytes

Edited by Serj27, 26 January 2008 - 02:09 AM.


#3 Serj27


Posted 26 January 2008 - 09:25 AM

Also, this is my ComboFix log

ComboFix 08-01-23.1C - Serj 2008-01-26 17:08:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.547 [GMT -4:00]
Running from: C:\Documents and Settings\Serj\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Serj\My Documents\pos41A.tmp
C:\Documents and Settings\Serj\My Documents\pos41B.tmp
C:\Documents and Settings\Serj\My Documents\pos41C.tmp
C:\Documents and Settings\Serj\My Documents\pos41D.tmp
C:\Documents and Settings\Serj\My Documents\pos41E.tmp
C:\Documents and Settings\Serj\My Documents\pos41F.tmp
C:\Documents and Settings\Serj\My Documents\pos420.tmp
C:\Documents and Settings\Serj\My Documents\pos421.tmp
C:\Documents and Settings\Serj\My Documents\pos422.tmp
C:\Documents and Settings\Serj\My Documents\pos423.tmp
C:\Documents and Settings\Serj\My Documents\pos424.tmp
C:\Documents and Settings\Serj\My Documents\pos425.tmp
C:\Documents and Settings\Serj\My Documents\pos426.tmp
C:\Documents and Settings\Serj\My Documents\pos427.tmp
C:\Documents and Settings\Serj\My Documents\pos428.tmp
C:\Documents and Settings\Serj\My Documents\pos429.tmp
C:\Documents and Settings\Serj\My Documents\pos42A.tmp
C:\Documents and Settings\Serj\My Documents\pos42B.tmp
C:\Documents and Settings\Serj\My Documents\pos42C.tmp
C:\Documents and Settings\Serj\My Documents\pos42D.tmp
C:\Documents and Settings\Serj\My Documents\pos42E.tmp
C:\Documents and Settings\Serj\My Documents\pos42F.tmp
C:\Documents and Settings\Serj\My Documents\pos430.tmp
C:\Documents and Settings\Serj\My Documents\pos431.tmp
C:\Documents and Settings\Serj\My Documents\pos432.tmp
C:\Documents and Settings\Serj\My Documents\pos433.tmp
C:\Documents and Settings\Serj\My Documents\pos434.tmp
C:\Documents and Settings\Serj\My Documents\pos435.tmp
C:\Documents and Settings\Serj\My Documents\pos436.tmp
C:\Documents and Settings\Serj\My Documents\pos437.tmp
C:\Documents and Settings\Serj\My Documents\pos438.tmp
C:\Documents and Settings\Serj\My Documents\pos439.tmp
C:\Documents and Settings\Serj\My Documents\pos43A.tmp
C:\Documents and Settings\Serj\My Documents\pos43B.tmp
C:\Documents and Settings\Serj\My Documents\pos43C.tmp
C:\Documents and Settings\Serj\My Documents\pos43D.tmp
C:\Documents and Settings\Serj\My Documents\pos43E.tmp
C:\Documents and Settings\Serj\My Documents\pos43F.tmp
C:\Documents and Settings\Serj\My Documents\pos440.tmp
C:\Documents and Settings\Serj\My Documents\pos441.tmp
C:\Documents and Settings\Serj\My Documents\pos442.tmp
C:\Documents and Settings\Serj\My Documents\pos443.tmp
C:\Documents and Settings\Serj\My Documents\pos444.tmp
C:\Documents and Settings\Serj\My Documents\pos445.tmp
C:\Documents and Settings\Serj\My Documents\pos446.tmp
C:\Documents and Settings\Serj\My Documents\pos447.tmp
C:\Documents and Settings\Serj\My Documents\pos448.tmp
C:\Documents and Settings\Serj\My Documents\pos449.tmp
C:\Documents and Settings\Serj\My Documents\pos44A.tmp
C:\Documents and Settings\Serj\My Documents\pos44B.tmp
C:\Documents and Settings\Serj\My Documents\pos44C.tmp
C:\Documents and Settings\Serj\My Documents\pos44D.tmp
C:\Documents and Settings\Serj\My Documents\pos44E.tmp
C:\Documents and Settings\Serj\My Documents\pos44F.tmp
C:\Documents and Settings\Serj\My Documents\pos450.tmp
C:\Documents and Settings\Serj\My Documents\pos451.tmp
C:\Documents and Settings\Serj\My Documents\pos452.tmp
C:\Documents and Settings\Serj\My Documents\pos453.tmp
C:\Documents and Settings\Serj\My Documents\pos454.tmp
C:\Documents and Settings\Serj\My Documents\pos455.tmp
C:\Documents and Settings\Serj\My Documents\pos456.tmp
C:\Documents and Settings\Serj\My Documents\pos457.tmp
C:\Documents and Settings\Serj\My Documents\pos458.tmp
C:\Documents and Settings\Serj\My Documents\pos459.tmp
C:\Documents and Settings\Serj\My Documents\pos45A.tmp
C:\Documents and Settings\Serj\My Documents\pos45B.tmp
C:\Documents and Settings\Serj\My Documents\pos45C.tmp
C:\Documents and Settings\Serj\My Documents\pos45D.tmp
C:\Documents and Settings\Serj\My Documents\pos45E.tmp
C:\Documents and Settings\Serj\My Documents\pos45F.tmp
C:\Documents and Settings\Serj\My Documents\pos460.tmp
C:\Documents and Settings\Serj\My Documents\pos461.tmp
C:\Documents and Settings\Serj\My Documents\pos462.tmp
C:\Documents and Settings\Serj\My Documents\pos463.tmp
C:\Documents and Settings\Serj\My Documents\pos464.tmp
C:\Documents and Settings\Serj\My Documents\pos465.tmp
C:\Documents and Settings\Serj\My Documents\pos466.tmp
C:\Documents and Settings\Serj\My Documents\pos467.tmp
C:\Documents and Settings\Serj\My Documents\pos468.tmp
C:\Documents and Settings\Serj\My Documents\pos469.tmp
C:\Documents and Settings\Serj\My Documents\pos46A.tmp
C:\Documents and Settings\Serj\My Documents\pos46B.tmp
C:\Documents and Settings\Serj\My Documents\pos46C.tmp
C:\Documents and Settings\Serj\My Documents\pos46D.tmp
C:\Documents and Settings\Serj\My Documents\pos46E.tmp
C:\Documents and Settings\Serj\My Documents\pos46F.tmp
C:\Documents and Settings\Serj\My Documents\pos470.tmp
C:\Documents and Settings\Serj\My Documents\pos471.tmp
C:\Documents and Settings\Serj\My Documents\pos472.tmp
C:\Documents and Settings\Serj\My Documents\pos473.tmp
C:\Documents and Settings\Serj\My Documents\pos474.tmp
C:\Documents and Settings\Serj\My Documents\pos475.tmp
C:\Documents and Settings\Serj\My Documents\pos476.tmp
C:\Documents and Settings\Serj\My Documents\pos477.tmp
C:\Documents and Settings\Serj\My Documents\pos478.tmp
C:\Documents and Settings\Serj\My Documents\pos479.tmp
C:\Documents and Settings\Serj\My Documents\pos47A.tmp
C:\Documents and Settings\Serj\My Documents\pos47B.tmp
C:\Documents and Settings\Serj\My Documents\pos47C.tmp
C:\Documents and Settings\Serj\My Documents\pos47D.tmp
C:\Documents and Settings\Serj\My Documents\pos47E.tmp
C:\Documents and Settings\Serj\My Documents\pos47F.tmp
C:\Documents and Settings\Serj\My Documents\pos480.tmp
C:\Documents and Settings\Serj\My Documents\pos481.tmp
C:\Documents and Settings\Serj\My Documents\pos482.tmp
C:\Documents and Settings\Serj\My Documents\pos483.tmp
C:\Documents and Settings\Serj\My Documents\pos484.tmp
C:\Documents and Settings\Serj\My Documents\pos485.tmp
C:\Documents and Settings\Serj\My Documents\pos486.tmp
C:\Documents and Settings\Serj\My Documents\pos487.tmp
C:\Documents and Settings\Serj\My Documents\pos488.tmp
C:\Documents and Settings\Serj\My Documents\pos489.tmp
C:\Documents and Settings\Serj\My Documents\pos48A.tmp
C:\Documents and Settings\Serj\My Documents\pos48B.tmp
C:\Documents and Settings\Serj\My Documents\pos48C.tmp
C:\Documents and Settings\Serj\My Documents\pos48D.tmp
C:\Documents and Settings\Serj\My Documents\pos48E.tmp
C:\Documents and Settings\Serj\My Documents\pos48F.tmp
C:\Documents and Settings\Serj\My Documents\pos490.tmp
C:\Documents and Settings\Serj\My Documents\pos491.tmp
C:\Documents and Settings\Serj\My Documents\pos492.tmp
C:\Documents and Settings\Serj\My Documents\pos493.tmp
C:\Documents and Settings\Serj\My Documents\pos494.tmp
C:\Documents and Settings\Serj\My Documents\pos495.tmp
C:\Documents and Settings\Serj\My Documents\pos496.tmp
C:\Documents and Settings\Serj\My Documents\pos497.tmp
C:\Documents and Settings\Serj\My Documents\pos498.tmp
C:\Documents and Settings\Serj\My Documents\pos499.tmp
C:\Documents and Settings\Serj\My Documents\pos49A.tmp
C:\Documents and Settings\Serj\My Documents\pos49B.tmp
C:\Documents and Settings\Serj\My Documents\pos49C.tmp
C:\Documents and Settings\Serj\My Documents\pos49D.tmp
C:\Documents and Settings\Serj\My Documents\pos49E.tmp
C:\Documents and Settings\Serj\My Documents\pos49F.tmp
C:\Documents and Settings\Serj\My Documents\pos4A0.tmp
C:\Documents and Settings\Serj\My Documents\pos4A1.tmp
C:\Documents and Settings\Serj\My Documents\pos4A2.tmp
C:\Documents and Settings\Serj\My Documents\pos4A3.tmp
C:\Documents and Settings\Serj\My Documents\pos4A4.tmp
C:\Documents and Settings\Serj\My Documents\pos4A5.tmp
C:\Documents and Settings\Serj\My Documents\pos4A6.tmp
C:\Documents and Settings\Serj\My Documents\pos4A7.tmp
C:\Documents and Settings\Serj\My Documents\pos4A8.tmp
C:\Documents and Settings\Serj\My Documents\pos4A9.tmp
C:\Documents and Settings\Serj\My Documents\pos4AA.tmp
C:\Documents and Settings\Serj\My Documents\pos4AB.tmp
C:\Documents and Settings\Serj\My Documents\pos4AC.tmp
C:\Documents and Settings\Serj\My Documents\pos4AD.tmp
C:\Documents and Settings\Serj\My Documents\pos4AE.tmp
C:\Documents and Settings\Serj\My Documents\pos4AF.tmp
C:\Documents and Settings\Serj\My Documents\pos4B0.tmp
C:\Documents and Settings\Serj\My Documents\pos4B1.tmp
C:\Documents and Settings\Serj\My Documents\pos4B2.tmp
C:\Documents and Settings\Serj\My Documents\pos4B3.tmp
C:\Documents and Settings\Serj\My Documents\pos6CA.tmp
C:\Documents and Settings\Serj\My Documents\pos6CB.tmp
C:\Documents and Settings\Serj\My Documents\pos6CC.tmp
C:\Documents and Settings\Serj\My Documents\pos6CD.tmp
C:\Documents and Settings\Serj\My Documents\pos6CE.tmp
C:\Documents and Settings\Serj\My Documents\pos6CF.tmp
C:\Documents and Settings\Serj\My Documents\pos6D0.tmp
C:\Documents and Settings\Serj\My Documents\pos6D1.tmp
C:\Documents and Settings\Serj\My Documents\pos6D2.tmp
C:\Documents and Settings\Serj\My Documents\pos6D3.tmp
C:\Documents and Settings\Serj\My Documents\pos6D4.tmp
C:\Documents and Settings\Serj\My Documents\pos6D5.tmp
C:\Documents and Settings\Serj\My Documents\pos6D6.tmp
C:\Documents and Settings\Serj\My Documents\pos6D7.tmp
C:\Documents and Settings\Serj\My Documents\pos6D8.tmp
C:\Documents and Settings\Serj\My Documents\pos6D9.tmp
C:\Documents and Settings\Serj\My Documents\pos6DA.tmp
C:\Documents and Settings\Serj\My Documents\pos6DB.tmp
C:\Documents and Settings\Serj\My Documents\pos6DC.tmp
C:\Documents and Settings\Serj\My Documents\pos6DD.tmp
C:\Documents and Settings\Serj\My Documents\pos6DE.tmp
C:\Documents and Settings\Serj\My Documents\pos6DF.tmp
C:\Documents and Settings\Serj\My Documents\pos6E0.tmp
C:\Documents and Settings\Serj\My Documents\pos6E1.tmp
C:\Documents and Settings\Serj\My Documents\pos6E2.tmp
C:\Documents and Settings\Serj\My Documents\pos6E3.tmp
C:\Documents and Settings\Serj\My Documents\pos6E4.tmp
C:\Documents and Settings\Serj\My Documents\pos6E5.tmp
C:\Documents and Settings\Serj\My Documents\pos6E6.tmp
C:\Documents and Settings\Serj\My Documents\pos6E7.tmp
C:\Documents and Settings\Serj\My Documents\pos6E8.tmp
C:\Documents and Settings\Serj\My Documents\pos6E9.tmp
C:\Documents and Settings\Serj\My Documents\pos6EA.tmp
C:\Documents and Settings\Serj\My Documents\pos6EB.tmp
C:\Documents and Settings\Serj\My Documents\pos6EC.tmp
C:\Documents and Settings\Serj\My Documents\pos6ED.tmp
C:\Documents and Settings\Serj\My Documents\pos6EE.tmp
C:\Documents and Settings\Serj\My Documents\pos6EF.tmp
C:\Documents and Settings\Serj\My Documents\pos6F0.tmp
C:\Documents and Settings\Serj\My Documents\pos6F1.tmp
C:\Documents and Settings\Serj\My Documents\pos6F2.tmp
C:\Documents and Settings\Serj\My Documents\pos6F3.tmp
C:\Documents and Settings\Serj\My Documents\pos6F4.tmp
C:\Documents and Settings\Serj\My Documents\pos6F5.tmp
C:\Documents and Settings\Serj\My Documents\pos6F6.tmp
C:\Documents and Settings\Serj\My Documents\pos6F7.tmp
C:\Documents and Settings\Serj\My Documents\pos6F8.tmp
C:\Documents and Settings\Serj\My Documents\pos6F9.tmp
C:\Documents and Settings\Serj\My Documents\pos6FA.tmp
C:\Documents and Settings\Serj\My Documents\pos6FB.tmp
C:\Documents and Settings\Serj\My Documents\pos6FC.tmp
C:\Documents and Settings\Serj\My Documents\pos6FD.tmp
C:\Documents and Settings\Serj\My Documents\pos6FE.tmp
C:\Documents and Settings\Serj\My Documents\pos6FF.tmp
C:\Documents and Settings\Serj\My Documents\pos700.tmp
C:\Documents and Settings\Serj\My Documents\pos701.tmp
C:\Documents and Settings\Serj\My Documents\pos702.tmp
C:\Documents and Settings\Serj\My Documents\pos703.tmp
C:\Documents and Settings\Serj\My Documents\pos704.tmp
C:\Documents and Settings\Serj\My Documents\pos705.tmp
C:\Documents and Settings\Serj\My Documents\pos706.tmp
C:\Documents and Settings\Serj\My Documents\pos707.tmp
C:\Documents and Settings\Serj\My Documents\pos708.tmp
C:\Documents and Settings\Serj\My Documents\pos709.tmp
C:\Documents and Settings\Serj\My Documents\pos70A.tmp
C:\Documents and Settings\Serj\My Documents\pos70B.tmp
C:\Documents and Settings\Serj\My Documents\pos70C.tmp
C:\Documents and Settings\Serj\My Documents\pos70D.tmp
C:\Documents and Settings\Serj\My Documents\pos70E.tmp
C:\Documents and Settings\Serj\My Documents\pos70F.tmp
C:\Documents and Settings\Serj\My Documents\pos710.tmp
C:\Documents and Settings\Serj\My Documents\pos711.tmp
C:\Documents and Settings\Serj\My Documents\pos712.tmp
C:\Documents and Settings\Serj\My Documents\pos713.tmp
C:\Documents and Settings\Serj\My Documents\pos714.tmp
C:\Documents and Settings\Serj\My Documents\pos715.tmp
C:\Documents and Settings\Serj\My Documents\pos716.tmp
C:\Documents and Settings\Serj\My Documents\pos717.tmp
C:\Documents and Settings\Serj\My Documents\pos718.tmp
C:\Documents and Settings\Serj\My Documents\pos719.tmp
C:\Documents and Settings\Serj\My Documents\pos71A.tmp
C:\Documents and Settings\Serj\My Documents\pos71B.tmp
C:\Documents and Settings\Serj\My Documents\pos71C.tmp
C:\Documents and Settings\Serj\My Documents\pos71D.tmp
C:\Documents and Settings\Serj\My Documents\pos71E.tmp
C:\Documents and Settings\Serj\My Documents\pos71F.tmp
C:\Documents and Settings\Serj\My Documents\pos720.tmp
C:\Documents and Settings\Serj\My Documents\pos721.tmp
C:\Documents and Settings\Serj\My Documents\pos722.tmp
C:\Documents and Settings\Serj\My Documents\pos723.tmp
C:\Documents and Settings\Serj\My Documents\pos724.tmp
C:\Documents and Settings\Serj\My Documents\pos725.tmp
C:\Documents and Settings\Serj\My Documents\pos726.tmp
C:\Documents and Settings\Serj\My Documents\pos727.tmp
C:\Documents and Settings\Serj\My Documents\pos728.tmp
C:\Documents and Settings\Serj\My Documents\pos729.tmp
C:\Documents and Settings\Serj\My Documents\pos72A.tmp
C:\Documents and Settings\Serj\My Documents\pos72B.tmp
C:\Documents and Settings\Serj\My Documents\pos72C.tmp
C:\Documents and Settings\Serj\My Documents\pos72D.tmp
C:\Documents and Settings\Serj\My Documents\pos72E.tmp
C:\Documents and Settings\Serj\My Documents\pos72F.tmp
C:\Documents and Settings\Serj\My Documents\pos730.tmp
C:\Documents and Settings\Serj\My Documents\pos731.tmp
C:\Documents and Settings\Serj\My Documents\pos732.tmp
C:\Documents and Settings\Serj\My Documents\pos733.tmp
C:\Documents and Settings\Serj\My Documents\pos734.tmp
C:\Documents and Settings\Serj\My Documents\pos735.tmp
C:\Documents and Settings\Serj\My Documents\pos736.tmp
C:\Documents and Settings\Serj\My Documents\pos737.tmp
C:\Documents and Settings\Serj\My Documents\pos738.tmp
C:\Documents and Settings\Serj\My Documents\pos739.tmp
C:\Documents and Settings\Serj\My Documents\pos73A.tmp
C:\Documents and Settings\Serj\My Documents\pos73B.tmp
C:\Documents and Settings\Serj\My Documents\pos73C.tmp
C:\Documents and Settings\Serj\My Documents\pos73D.tmp
C:\Documents and Settings\Serj\My Documents\pos73E.tmp
C:\Documents and Settings\Serj\My Documents\pos73F.tmp
C:\Documents and Settings\Serj\My Documents\pos740.tmp
C:\Documents and Settings\Serj\My Documents\pos741.tmp
C:\Documents and Settings\Serj\My Documents\pos742.tmp
C:\Documents and Settings\Serj\My Documents\pos938.tmp
C:\Documents and Settings\Serj\My Documents\pos939.tmp
C:\Documents and Settings\Serj\My Documents\pos93A.tmp
C:\Documents and Settings\Serj\My Documents\pos93B.tmp
C:\Documents and Settings\Serj\My Documents\pos93C.tmp
C:\Documents and Settings\Serj\My Documents\pos93D.tmp
C:\Documents and Settings\Serj\My Documents\pos93E.tmp
C:\Documents and Settings\Serj\My Documents\pos93F.tmp
C:\Documents and Settings\Serj\My Documents\pos940.tmp
C:\Documents and Settings\Serj\My Documents\pos941.tmp
C:\Documents and Settings\Serj\My Documents\pos942.tmp
C:\Documents and Settings\Serj\My Documents\pos943.tmp
C:\Documents and Settings\Serj\My Documents\pos944.tmp
C:\Documents and Settings\Serj\My Documents\pos945.tmp
C:\Documents and Settings\Serj\My Documents\pos946.tmp
C:\Documents and Settings\Serj\My Documents\pos947.tmp
C:\Documents and Settings\Serj\My Documents\pos948.tmp
C:\Documents and Settings\Serj\My Documents\pos949.tmp
C:\Documents and Settings\Serj\My Documents\pos94A.tmp
C:\Documents and Settings\Serj\My Documents\pos94B.tmp
C:\Documents and Settings\Serj\My Documents\pos94C.tmp
C:\Documents and Settings\Serj\My Documents\pos94D.tmp
C:\Documents and Settings\Serj\My Documents\pos94E.tmp
C:\Documents and Settings\Serj\My Documents\pos94F.tmp
C:\Documents and Settings\Serj\My Documents\pos950.tmp
C:\Documents and Settings\Serj\My Documents\pos951.tmp
C:\Documents and Settings\Serj\My Documents\pos952.tmp
C:\Documents and Settings\Serj\My Documents\pos953.tmp
C:\Documents and Settings\Serj\My Documents\pos954.tmp
C:\Documents and Settings\Serj\My Documents\pos955.tmp
C:\Documents and Settings\Serj\My Documents\pos956.tmp
C:\Documents and Settings\Serj\My Documents\pos957.tmp
C:\Documents and Settings\Serj\My Documents\pos958.tmp
C:\Documents and Settings\Serj\My Documents\pos959.tmp
C:\Documents and Settings\Serj\My Documents\pos95A.tmp
C:\Documents and Settings\Serj\My Documents\pos95B.tmp
C:\Documents and Settings\Serj\My Documents\pos95C.tmp
C:\Documents and Settings\Serj\My Documents\pos95D.tmp
C:\Documents and Settings\Serj\My Documents\pos95E.tmp
C:\Documents and Settings\Serj\My Documents\pos95F.tmp
C:\Documents and Settings\Serj\My Documents\pos960.tmp
C:\Documents and Settings\Serj\My Documents\pos961.tmp
C:\Documents and Settings\Serj\My Documents\pos962.tmp
C:\Documents and Settings\Serj\My Documents\pos963.tmp
C:\Documents and Settings\Serj\My Documents\pos964.tmp
C:\Documents and Settings\Serj\My Documents\pos965.tmp
C:\Documents and Settings\Serj\My Documents\pos966.tmp
C:\Documents and Settings\Serj\My Documents\pos967.tmp
C:\Documents and Settings\Serj\My Documents\pos968.tmp
C:\Documents and Settings\Serj\My Documents\pos969.tmp
C:\Documents and Settings\Serj\My Documents\pos96A.tmp
C:\Documents and Settings\Serj\My Documents\pos96B.tmp
C:\Documents and Settings\Serj\My Documents\pos96C.tmp
C:\Documents and Settings\Serj\My Documents\pos96D.tmp
C:\Documents and Settings\Serj\My Documents\pos96E.tmp
C:\Documents and Settings\Serj\My Documents\pos96F.tmp
C:\Documents and Settings\Serj\My Documents\pos970.tmp
C:\Documents and Settings\Serj\My Documents\pos971.tmp
C:\Documents and Settings\Serj\My Documents\pos972.tmp
C:\Documents and Settings\Serj\My Documents\pos973.tmp
C:\Documents and Settings\Serj\My Documents\pos974.tmp
C:\Documents and Settings\Serj\My Documents\pos975.tmp
C:\Documents and Settings\Serj\My Documents\pos976.tmp
C:\Documents and Settings\Serj\My Documents\pos977.tmp
C:\Documents and Settings\Serj\My Documents\pos978.tmp
C:\Documents and Settings\Serj\My Documents\pos979.tmp
C:\Documents and Settings\Serj\My Documents\pos97A.tmp
C:\Documents and Settings\Serj\My Documents\pos97B.tmp
C:\Documents and Settings\Serj\My Documents\pos97C.tmp
C:\Documents and Settings\Serj\My Documents\pos97D.tmp
C:\Documents and Settings\Serj\My Documents\pos97E.tmp
C:\Documents and Settings\Serj\My Documents\pos97F.tmp
C:\Documents and Settings\Serj\My Documents\pos980.tmp
C:\Documents and Settings\Serj\My Documents\pos981.tmp
C:\Documents and Settings\Serj\My Documents\pos982.tmp
C:\Documents and Settings\Serj\My Documents\pos983.tmp
C:\Documents and Settings\Serj\My Documents\pos984.tmp
C:\Documents and Settings\Serj\My Documents\pos985.tmp
C:\Documents and Settings\Serj\My Documents\pos986.tmp
C:\Documents and Settings\Serj\My Documents\pos987.tmp
C:\Documents and Settings\Serj\My Documents\pos988.tmp
C:\Documents and Settings\Serj\My Documents\pos989.tmp
C:\Documents and Settings\Serj\My Documents\pos98A.tmp
C:\Documents and Settings\Serj\My Documents\pos98B.tmp
C:\Documents and Settings\Serj\My Documents\pos98C.tmp
C:\Documents and Settings\Serj\My Documents\pos98D.tmp
C:\Documents and Settings\Serj\My Documents\pos98E.tmp
C:\Documents and Settings\Serj\My Documents\pos98F.tmp
C:\Documents and Settings\Serj\My Documents\pos990.tmp
C:\Documents and Settings\Serj\My Documents\pos991.tmp
C:\Documents and Settings\Serj\My Documents\pos992.tmp
C:\Documents and Settings\Serj\My Documents\pos993.tmp
C:\Documents and Settings\Serj\My Documents\pos994.tmp
C:\Documents and Settings\Serj\My Documents\pos995.tmp
C:\Documents and Settings\Serj\My Documents\pos996.tmp
C:\Documents and Settings\Serj\My Documents\pos997.tmp
C:\Documents and Settings\Serj\My Documents\pos998.tmp
C:\Documents and Settings\Serj\My Documents\pos999.tmp
C:\Documents and Settings\Serj\My Documents\pos99A.tmp
C:\Documents and Settings\Serj\My Documents\pos99B.tmp
C:\Documents and Settings\Serj\My Documents\pos99C.tmp
C:\Documents and Settings\Serj\My Documents\pos99D.tmp
C:\Documents and Settings\Serj\My Documents\pos99E.tmp
C:\Documents and Settings\Serj\My Documents\pos99F.tmp
C:\Documents and Settings\Serj\My Documents\pos9A0.tmp
C:\Documents and Settings\Serj\My Documents\pos9A1.tmp
C:\Documents and Settings\Serj\My Documents\pos9A2.tmp
C:\Documents and Settings\Serj\My Documents\pos9A3.tmp
C:\Documents and Settings\Serj\My Documents\pos9A4.tmp
C:\Documents and Settings\Serj\My Documents\pos9A5.tmp
C:\Documents and Settings\Serj\My Documents\pos9A6.tmp
C:\Documents and Settings\Serj\My Documents\pos9A7.tmp
C:\Documents and Settings\Serj\My Documents\pos9A8.tmp
C:\Documents and Settings\Serj\My Documents\pos9A9.tmp
C:\Documents and Settings\Serj\My Documents\pos9AA.tmp
C:\Documents and Settings\Serj\My Documents\pos9AB.tmp
C:\Documents and Settings\Serj\My Documents\pos9AC.tmp
C:\Documents and Settings\Serj\My Documents\pos9AD.tmp
C:\Documents and Settings\Serj\My Documents\pos9AE.tmp
C:\Documents and Settings\Serj\My Documents\pos9AF.tmp
C:\Documents and Settings\Serj\My Documents\pos9B0.tmp
C:\Documents and Settings\Serj\My Documents\pos9B1.tmp
C:\Documents and Settings\Serj\My Documents\pos9B2.tmp
C:\Documents and Settings\Serj\My Documents\pos9B3.tmp
C:\Documents and Settings\Serj\My Documents\pos9B4.tmp
C:\Documents and Settings\Serj\My Documents\pos9B5.tmp
C:\Documents and Settings\Serj\My Documents\pos9B6.tmp
C:\Documents and Settings\Serj\My Documents\pos9B7.tmp
C:\Documents and Settings\Serj\My Documents\pos9B8.tmp
C:\Documents and Settings\Serj\My Documents\pos9B9.tmp
C:\Documents and Settings\Serj\My Documents\pos9BA.tmp
C:\Documents and Settings\Serj\My Documents\pos9BB.tmp
C:\Documents and Settings\Serj\My Documents\pos9BC.tmp
C:\Documents and Settings\Serj\My Documents\pos9BD.tmp
C:\Documents and Settings\Serj\My Documents\pos9BE.tmp
C:\Documents and Settings\Serj\My Documents\pos9BF.tmp
C:\Documents and Settings\Serj\My Documents\pos9C0.tmp
C:\Documents and Settings\Serj\My Documents\pos9C1.tmp
C:\Documents and Settings\Serj\My Documents\pos9C2.tmp
C:\Documents and Settings\Serj\My Documents\pos9C3.tmp
C:\Documents and Settings\Serj\My Documents\pos9C4.tmp
C:\Documents and Settings\Serj\My Documents\pos9C5.tmp
C:\Documents and Settings\Serj\My Documents\pos9C6.tmp
C:\Documents and Settings\Serj\My Documents\pos9C7.tmp
C:\Documents and Settings\Serj\My Documents\pos9C8.tmp
C:\Documents and Settings\Serj\My Documents\pos9C9.tmp
C:\Documents and Settings\Serj\My Documents\pos9CA.tmp
C:\Documents and Settings\Serj\My Documents\pos9CB.tmp
C:\Documents and Settings\Serj\My Documents\pos9CC.tmp
C:\Documents and Settings\Serj\My Documents\pos9CD.tmp
C:\Documents and Settings\Serj\My Documents\pos9CE.tmp
C:\Documents and Settings\Serj\My Documents\pos9CF.tmp
C:\Documents and Settings\Serj\My Documents\pos9D0.tmp
C:\Documents and Settings\Serj\My Documents\pos9D1.tmp
C:\Documents and Settings\Serj\My Documents\pos9D2.tmp
C:\Documents and Settings\Serj\My Documents\pos9D3.tmp
C:\Documents and Settings\Serj\My Documents\pos9D4.tmp
C:\Documents and Settings\Serj\My Documents\pos9D5.tmp
C:\Documents and Settings\Serj\My Documents\pos9D6.tmp
C:\Documents and Settings\Serj\My Documents\pos9D7.tmp
C:\Documents and Settings\Serj\My Documents\pos9D8.tmp
C:\Documents and Settings\Serj\My Documents\pos9D9.tmp
C:\Documents and Settings\Serj\My Documents\pos9DA.tmp
C:\Documents and Settings\Serj\My Documents\pos9DB.tmp
C:\Documents and Settings\Serj\My Documents\pos9DC.tmp
C:\Documents and Settings\Serj\My Documents\pos9DD.tmp
C:\Documents and Settings\Serj\My Documents\pos9DE.tmp
C:\Documents and Settings\Serj\My Documents\pos9DF.tmp
C:\Documents and Settings\Serj\My Documents\pos9E0.tmp
C:\Documents and Settings\Serj\My Documents\pos9E1.tmp
C:\Documents and Settings\Serj\My Documents\pos9E2.tmp
C:\Documents and Settings\Serj\My Documents\pos9E3.tmp
C:\Documents and Settings\Serj\My Documents\pos9E4.tmp
C:\Documents and Settings\Serj\My Documents\pos9E5.tmp
C:\Documents and Settings\Serj\My Documents\pos9E6.tmp
C:\Documents and Settings\Serj\My Documents\pos9E7.tmp
C:\Documents and Settings\Serj\My Documents\pos9E8.tmp
C:\Documents and Settings\Serj\My Documents\pos9E9.tmp
C:\Documents and Settings\Serj\My Documents\pos9EA.tmp
C:\Documents and Settings\Serj\My Documents\pos9EB.tmp
C:\Documents and Settings\Serj\My Documents\pos9EC.tmp
C:\Documents and Settings\Serj\My Documents\pos9ED.tmp
C:\Documents and Settings\Serj\My Documents\pos9EE.tmp
C:\Documents and Settings\Serj\My Documents\pos9EF.tmp
C:\Documents and Settings\Serj\My Documents\pos9F0.tmp
C:\Documents and Settings\Serj\My Documents\pos9F1.tmp
C:\Documents and Settings\Serj\My Documents\pos9F2.tmp
C:\Documents and Settings\Serj\My Documents\pos9F3.tmp
C:\Documents and Settings\Serj\My Documents\pos9F4.tmp
C:\Documents and Settings\Serj\My Documents\pos9F5.tmp
C:\Documents and Settings\Serj\My Documents\pos9F6.tmp
C:\Documents and Settings\Serj\My Documents\pos9F7.tmp
C:\Documents and Settings\Serj\My Documents\pos9F8.tmp
C:\Documents and Settings\Serj\My Documents\pos9F9.tmp
C:\Documents and Settings\Serj\My Documents\pos9FA.tmp
C:\Documents and Settings\Serj\My Documents\pos9FB.tmp
C:\Documents and Settings\Serj\My Documents\pos9FC.tmp
C:\Documents and Settings\Serj\My Documents\pos9FD.tmp
C:\Documents and Settings\Serj\My Documents\pos9FE.tmp
C:\Documents and Settings\Serj\My Documents\pos9FF.tmp
C:\Documents and Settings\Serj\My Documents\posA00.tmp
C:\Documents and Settings\Serj\My Documents\posA01.tmp
C:\Documents and Settings\Serj\My Documents\posA02.tmp
C:\Documents and Settings\Serj\My Documents\posA03.tmp
C:\Documents and Settings\Serj\My Documents\posA04.tmp
C:\Documents and Settings\Serj\My Documents\posA05.tmp
C:\Documents and Settings\Serj\My Documents\posA06.tmp
C:\Documents and Settings\Serj\My Documents\posA07.tmp
C:\Documents and Settings\Serj\My Documents\posA08.tmp
C:\Documents and Settings\Serj\My Documents\posA09.tmp
C:\Documents and Settings\Serj\My Documents\posA0A.tmp
C:\Documents and Settings\Serj\My Documents\posA0B.tmp
C:\Documents and Settings\Serj\My Documents\posA0C.tmp
C:\Documents and Settings\Serj\My Documents\posA0D.tmp
C:\Documents and Settings\Serj\My Documents\posA0E.tmp
C:\Documents and Settings\Serj\My Documents\posA0F.tmp
C:\Documents and Settings\Serj\My Documents\posA10.tmp
C:\Documents and Settings\Serj\My Documents\posA11.tmp
C:\Documents and Settings\Serj\My Documents\posA12.tmp
C:\Documents and Settings\Serj\My Documents\posA13.tmp
C:\Documents and Settings\Serj\My Documents\posA14.tmp
C:\Documents and Settings\Serj\My Documents\posA15.tmp
C:\Documents and Settings\Serj\My Documents\posA16.tmp
C:\Documents and Settings\Serj\My Documents\posA17.tmp
C:\Documents and Settings\Serj\My Documents\posA18.tmp
C:\Documents and Settings\Serj\My Documents\posA19.tmp
C:\Documents and Settings\Serj\My Documents\posA1A.tmp
C:\Documents and Settings\Serj\My Documents\posA1B.tmp
C:\Documents and Settings\Serj\My Documents\posA1C.tmp
C:\Documents and Settings\Serj\My Documents\posA1D.tmp
C:\Documents and Settings\Serj\My Documents\posA1E.tmp
C:\Documents and Settings\Serj\My Documents\posA1F.tmp
C:\Documents and Settings\Serj\My Documents\posA20.tmp
C:\pos7EE.tmp
C:\pos7EF.tmp
C:\pos7F.tmp
C:\pos7F0.tmp
C:\pos7F1.tmp
C:\pos7F2.tmp
C:\pos7F3.tmp
C:\pos7F4.tmp
C:\pos7F5.tmp
C:\pos7F6.tmp
C:\pos7F7.tmp
C:\pos7F8.tmp
C:\pos7F9.tmp
C:\pos7FA.tmp
C:\pos7FB.tmp
C:\pos7FC.tmp
C:\pos7FD.tmp
C:\pos7FE.tmp
C:\pos7FF.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos94.tmp
C:\pos95.tmp
C:\pos96.tmp
C:\pos97.tmp
C:\pos98.tmp
C:\pos99.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA1.tmp
C:\posA2.tmp
C:\posA3.tmp
C:\posA4.tmp
C:\posA5.tmp
C:\posA6.tmp
C:\posA7.tmp
C:\posA8.tmp
C:\posA9.tmp
C:\posAA.tmp
C:\posAB.tmp
C:\posAC.tmp
C:\posAD.tmp
C:\posAE.tmp
C:\posAF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB1.tmp
C:\posB2.tmp
C:\posB3.tmp
C:\posB4.tmp
C:\posB5.tmp
C:\posB6.tmp
C:\posB7.tmp
C:\posB8.tmp
C:\posB9.tmp
C:\posBA.tmp
C:\posBB.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\Program Files\Common Files\{208C4~1
C:\Program Files\Common Files\{308C4~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Instant Messenger Names
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\fcccdbc.dll
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjj.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 16:48 . 2008-01-26 16:48 3,638 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 15:40 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-26 15:40 . 2006-11-10 16:25 211 --a------ C:\Boot.bak
2008-01-26 15:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 15:09 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 15:08 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\Java
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 02:14 . 2008-01-26 14:22 <DIR> d-------- C:\VundoFix Backups
2008-01-26 00:06 . 2008-01-26 00:06 <DIR> d-------- C:\Program Files\Paint.NET
2008-01-25 21:53 . 2008-01-26 02:04 1,142,632 --ahs---- C:\WINDOWS\system32\rvhpaixx.ini
2008-01-25 21:51 . 2008-01-25 21:51 1,142,572 --ahs---- C:\WINDOWS\system32\sdwydnvf.ini
2008-01-25 02:24 . 2008-01-25 02:24 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-25 00:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-25 00:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-25 00:06 . 2008-01-25 00:18 <DIR> d-------- C:\Program Files\Strokeit
2008-01-24 23:53 . 2008-01-24 23:54 <DIR> d-------- C:\Program Files\Rainmeter
2008-01-24 23:13 . 2008-01-25 19:58 <DIR> d-------- C:\Program Files\AvaFind
2008-01-24 22:48 . 2008-01-24 22:48 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 23:43 --------- d-----w C:\Program Files\McAfee
2008-01-25 07:18 --------- d-----w C:\Program Files\LimeWire
2008-01-25 07:18 --------- d-----w C:\Program Files\Incomplete
2008-01-22 03:46 --------- d-----w C:\Program Files\Microsoft Games
2008-01-08 01:52 --------- d-----w C:\Program Files\Dl_cats
2007-12-21 03:24 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-18 08:46 --------- d-----w C:\Program Files\SWAT 4
2007-12-18 08:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 08:30 --------- d-----w C:\Program Files\Reflexive Arcade Games - Shooter
2007-12-18 08:28 --------- d-----w C:\Program Files\Reflexive Arcade Games - Puzzle
2007-12-18 08:24 --------- d-----w C:\Program Files\Reflexive Arcade Games - Strategy
2007-12-18 08:19 --------- d-----w C:\Program Files\Reflexive Arcade Games - Action
2007-12-18 08:11 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-18 08:07 --------- d-----w C:\Program Files\Half-Life
2007-12-18 08:06 --------- d-----w C:\Program Files\Dell Support
2007-12-18 08:05 --------- d-----w C:\Program Files\Dell
2007-12-18 08:03 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-18 07:19 --------- d-----w C:\Program Files\PokerStars.NET
2007-12-16 18:59 --------- d-----w C:\Program Files\McAfee.com
2007-12-16 18:54 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-06 05:02 2,486,784 ----a-w C:\WINDOWS\system32\AnipUninst1.exe
2007-11-30 05:07 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 09:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 21:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 21:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2002-07-26 21:02 153,088 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
2007-06-18 17:56 168 --sh--r C:\WINDOWS\system32\44AA50DB4B.sys
2007-06-18 17:56 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49D63E18-33B1-46F2-82C2-39431FB94794}]
C:\WINDOWS\system32\fcccdbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9409C592-4615-497F-88A7-DFADEB532F2D}]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98CA534E-E739-4D46-88B1-3AA2E7AD7A4C}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a}]
C:\WINDOWS\system32\utuddbyf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642}]
C:\WINDOWS\system32\geeba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 20:27 1658592]
"Logomulti"="C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 14:56 73728]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 11:42 425984]
"NWEReboot"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14 344064]
"AnimatedWallpaper"="C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe" [ ]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"208c45d4"="C:\WINDOWS\system32\xxiaphvr.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 06:00 388608]

C:\Documents and Settings\Serj\Start Menu\Programs\Startup\
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2006-01-21 07:41:56 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-28 11:37:29 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 00000000
"NoUserNameInStartMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{49D63E18-33B1-46F2-82C2-39431FB94794}"= C:\WINDOWS\system32\fcccdbc.dll [ ]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 21:00:01 C:\WINDOWS\Tasks\A2DBC7C090B8467C.job"
- c:\docume~1\serj\applic~1\browse~1\blue seek wait.exe
"2008-01-21 01:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-26 19:56:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-28 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DARKSTAR-Steve).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-15 05:34:33 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 05:56:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-01-26 21:00:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:13:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 17:14:44
ComboFix-quarantined-files.txt 2008-01-26 21:14:41
.
2008-01-24 20:52:31 --- E O F ---

Edited by Serj27, 26 January 2008 - 04:34 PM.


#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 07 February 2008 - 03:44 PM

Hi Serj27, :thumbsup:

Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

If you still need help, please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log, and I'll be happy to look at it for you.

Thanks for your patience. :blink:

#5 Serj27

Serj27
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:38 PM

Posted 18 February 2008 - 10:36 PM

Hey Falu thanks for the response, :thumbsup:

I did everything that it said to do in the "Preparation Guide for use before posting a HijackThis Log"

this is my HijackThis log,

P.S. sorry for the late reply


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:53 PM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Serj\Desktop\Spyware killers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9409C592-4615-497F-88A7-DFADEB532F2D} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: {a90def2e-e7d1-01e8-67c4-1e4ac50dd14b} - {b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a} - C:\WINDOWS\system32\utuddbyf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642} - C:\WINDOWS\system32\geeba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [208c45d4] rundll32.exe "C:\WINDOWS\system32\xxiaphvr.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Logomulti] C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 14177 bytes

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 20 February 2008 - 12:47 PM

Hi Serj27, :thumbsup:

Hey Falu thanks for the response,


You're very welcome.

I want you to delete Combofix from your desktop since there's a newer version. Then follow instructions for downloading and running ComboFix in: How to use ComboFix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#7 Serj27

Serj27
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:38 PM

Posted 20 February 2008 - 02:52 PM

Ok, I followed the guide and ran ComboFix. Here is my log:


ComboFix 08-02-20.2 - Serj 2008-02-20 15:39:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.527 [GMT -4:00]
Running from: C:\Documents and Settings\Serj\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Serj\Application Data\inst.exe
C:\WINDOWS\system32\rvhpaixx.ini
C:\WINDOWS\system32\sdwydnvf.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-20 00:16 . 2008-02-20 00:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 00:16 . 2008-02-20 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 14:14 . 2008-02-18 14:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-18 13:34 . 2008-02-18 13:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:34 . 2008-02-18 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 03:33 . 2008-02-18 03:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 03:33 . 2008-02-18 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d--h----- C:\Documents and Settings\Serj\QMCache00
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Move Networks
2008-02-10 13:37 . 2008-02-14 18:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 23:48 . 2007-06-25 22:30 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-02-08 23:48 . 2007-04-24 19:33 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL
2008-02-07 08:05 . 2008-02-07 08:05 <DIR> d-------- C:\WINDOWS\system32\logs
2008-02-06 03:59 . 2008-02-06 03:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-05 21:53 . 2008-02-05 21:53 <DIR> d-------- C:\Program Files\VSO
2008-02-05 21:53 . 2008-02-14 19:57 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Vso
2008-02-05 21:53 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-05 21:53 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-05 21:53 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\Documents and Settings\Serj\Application Data\pcouffin.sys
2008-02-05 17:50 . 2006-10-16 03:10 131,546 --a------ C:\charlize-theron.jpg
2008-02-05 17:38 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-02-05 17:38 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-02-05 17:38 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-02-05 17:38 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-02-05 17:38 . 2008-02-05 17:38 1,024 --a------ C:\.rnd
2008-02-04 13:29 . 2008-02-04 13:29 <DIR> d-------- C:\Documents and Settings\Steve.DARKSTAR\Application Data\Logitech
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\TVU Networks
2008-02-03 18:14 . 2008-02-03 18:14 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Logitech
2008-02-03 18:13 . 2008-02-03 18:13 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-03 17:53 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-02-03 17:53 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-02-03 17:53 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Program Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:53 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\InstallShield
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-03 17:52 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-02-03 17:52 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-02-03 17:52 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-02-03 17:52 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-02-03 11:58 . 2008-02-03 19:15 <DIR> d-------- C:\WINDOWS\uninstall
2008-02-03 02:56 . 2008-02-03 02:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-30 16:32 . 2008-01-30 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-27 23:30 . 2008-01-28 23:49 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-27 12:34 . 2008-02-18 22:34 72,872 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-26 18:26 . 2008-01-26 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 17:57 . 2008-01-26 17:57 <DIR> d-------- C:\Program Files\Bonjour
2008-01-26 17:43 . 2008-01-26 17:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-26 16:48 . 2008-01-26 16:48 3,638 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 15:09 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 15:08 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\Java
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 02:14 . 2008-02-08 16:06 <DIR> d-------- C:\VundoFix Backups
2008-01-26 00:06 . 2008-01-26 00:06 <DIR> d-------- C:\Program Files\Paint.NET
2008-01-25 02:24 . 2008-01-25 02:24 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-25 00:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-25 00:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-25 00:06 . 2008-01-25 00:18 <DIR> d-------- C:\Program Files\Strokeit
2008-01-24 23:53 . 2008-01-24 23:54 <DIR> d-------- C:\Program Files\Rainmeter
2008-01-24 23:13 . 2008-01-25 19:58 <DIR> d-------- C:\Program Files\AvaFind
2008-01-24 23:13 . 2008-01-24 23:16 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\AvaFind Data
2008-01-24 22:48 . 2008-01-24 22:48 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 17:25 . 2008-01-23 17:25 27,136 --a------ C:\WINDOWS\system32\drivers\tapvpn.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:22 --------- d-----w C:\Documents and Settings\Serj\Application Data\uTorrent
2008-02-20 18:39 --------- d-----w C:\Program Files\McAfee
2008-02-18 07:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 03:56 --------- d-----w C:\Program Files\Dl_cats
2008-02-14 01:50 --------- d-----w C:\Program Files\Trillian
2008-02-03 21:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 16:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 14:40 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-02 14:40 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-02 14:40 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 03:41 --------- d-----w C:\Documents and Settings\Serj\Application Data\AdobeUM
2008-01-25 07:18 --------- d-----w C:\Program Files\LimeWire
2008-01-25 07:18 --------- d-----w C:\Program Files\Incomplete
2008-01-22 03:46 --------- d-----w C:\Program Files\Microsoft Games
2008-01-20 05:34 --------- d-----w C:\Documents and Settings\Serj\Application Data\SiteAdvisor
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 19:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:19 --------- d-----w C:\Documents and Settings\Serj\Application Data\Ahead
2008-01-09 03:22 --------- d-----w C:\Documents and Settings\Serj\Application Data\Nero
2007-12-21 12:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 12:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 12:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-21 03:24 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 15:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 05:02 2,486,784 ----a-w C:\WINDOWS\system32\AnipUninst1.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-08-09 02:03 124 ----a-w C:\Documents and Settings\Serj\Application Data\wklnhst.dat
2007-05-01 21:19 1,132,112 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-04-23 21:03 1 ----a-w C:\Documents and Settings\Serj\SI.bin
2002-07-26 21:02 153,088 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
2007-06-18 17:56 168 --sh--r C:\WINDOWS\system32\44AA50DB4B.sys
2007-06-18 17:56 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9409C592-4615-497F-88A7-DFADEB532F2D}]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a}]
C:\WINDOWS\system32\utuddbyf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642}]
C:\WINDOWS\system32\geeba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 20:27 1658592]
"Logomulti"="C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 14:56 73728]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 11:42 425984]
"NWEReboot"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14 344064]
"AnimatedWallpaper"="C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe" [ ]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"208c45d4"="C:\WINDOWS\system32\xxiaphvr.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Serj\Start Menu\Programs\Startup\
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2006-01-21 07:41:56 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-28 11:37:29 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 00000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 17:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 19:00:01 C:\WINDOWS\Tasks\A2DBC7C090B8467C.job"
- c:\docume~1\serj\applic~1\browse~1\blue seek wait.exe
"2008-02-18 01:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 18:56:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-15 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DARKSTAR-Steve).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-15 05:24:09 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 05:01:04 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-20 18:56:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 15:43:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 15:45:10
ComboFix-quarantined-files.txt 2008-02-20 19:45:07
ComboFix2.txt 2008-01-26 21:14:45
.
2008-02-20 14:08:51 --- E O F ---





And this is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:30 PM, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Serj\Desktop\Spyware killers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9409C592-4615-497F-88A7-DFADEB532F2D} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: {a90def2e-e7d1-01e8-67c4-1e4ac50dd14b} - {b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a} - C:\WINDOWS\system32\utuddbyf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642} - C:\WINDOWS\system32\geeba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [208c45d4] rundll32.exe "C:\WINDOWS\system32\xxiaphvr.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Logomulti] C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 13731 bytes





Thanks again for your help in this :thumbsup:

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 22 February 2008 - 04:21 AM

Hi Serj27,

1. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

2. Download Findlop by Metallica.
1. Unzip/extract the file and double-click on findlop.bat.
2. The tool will scan your system and create a log named findlop.txt in C:\findlop.txt.
3. Notepad will also open with results.
4. Post the contents of findlop.txt along with a fresh HijackThis log in your next reply.

3. Run HijackThis, click Scan and checkmark the following entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {9409C592-4615-497F-88A7-DFADEB532F2D} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: {a90def2e-e7d1-01e8-67c4-1e4ac50dd14b} - {b41dd05c-a4e1-4c76-8e10-1d7ee2fed09a} - C:\WINDOWS\system32\utuddbyf.dll (file missing)
O2 - BHO: (no name) - {EDF6C1D2-FCEB-456B-B1FA-D78DE83DD642} - C:\WINDOWS\system32\geeba.dll (file missing)
O4 - HKLM\..\Run: [208c45d4] rundll32.exe "C:\WINDOWS\system32\xxiaphvr.dll",b
O4 - HKCU\..\Run: [Logomulti] C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

4. 1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\44AA50DB4B.sys
C:\WINDOWS\system32\xxiaphvr.dll
C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
C:\WINDOWS\Tasks\A2DBC7C090B8467C.job
c:\docume~1\serj\applic~1\browse~1\blue seek wait.exe

Folder::
C:\VundoFix Backups
C:\Program Files\PartyGaming.Net


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


5. Download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.
Please reboot and post the F-Secure report along with "C:\ComboFix.txt" and a fresh HijackThis log.
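
The kind of triage behind the entry selection in step 3 above, as an added example that is not part of the original post and not HijackThis code: it parses HijackThis log lines and flags three patterns visible in the quoted entries. The rule names and the three heuristics are assumptions generalised from those entries, not a complete classifier; the sample lines are copied from the logs on this page.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {9409C592-4615-497F-88A7-DFADEB532F2D} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [208c45d4] rundll32.exe "C:\WINDOWS\system32\xxiaphvr.dll",b
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# Hypothetical rule names used only by this example.
ORPHANED = "orphaned-entry"            # registry entry whose target file is gone
HEX_RUNDLL = "rundll32-hex-run-name"   # Run value with an 8-hex-digit name starting rundll32
NO_IMAGE = "service-path-is-directory" # service image path ends in a backslash

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun entry: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}", re.IGNORECASE)


@dataclass
class Finding:
    code: str    # HijackThis section code (R3, O2, O4, O23, ...)
    reason: str  # one of the rule names above
    line: str    # the original log line, for the analyst to review


def triage(log_text):
    """Return the entries worth a closer look, in log order.

    A finding is a prompt for manual review, not a verdict: legitimate
    software can match these patterns and malware can avoid them.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list, blank line
        code, body = match.group("code"), match.group("body")

        # Rule 1: HijackThis itself marks entries whose file no longer exists.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(code, ORPHANED, line))
            continue

        if code == "O4":
            # Rule 2: autorun that starts rundll32 under a hex-only value name.
            run = RUN_RE.match(body)
            if (
                run
                and run.group("cmd").lower().startswith("rundll32")
                and HEX_NAME_RE.fullmatch(run.group("name"))
            ):
                findings.append(Finding(code, HEX_RUNDLL, line))
        elif code == "O23":
            # Rule 3: the last " - " field is the image path; a trailing
            # backslash means it names a directory rather than an executable.
            image_path = body.rsplit(" - ", 1)[-1]
            if image_path.endswith("\\"):
                findings.append(Finding(code, NO_IMAGE, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:28} {f.line}")
```

The vendor autoruns in the sample (DLCGCATS, igfxtray, the McAfee service) pass through unflagged, which is the point of keeping the rules narrow.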

#9 Serj27

Serj27
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:38 PM

Posted 23 February 2008 - 02:27 AM

Hey Falu,

F-Secure report

02/23/08 02:28:49 [Info]: BlackLight Engine 1.0.67 initialized
02/23/08 02:28:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/23/08 02:28:49 [Note]: 7019 4
02/23/08 02:28:49 [Note]: 7005 0
02/23/08 02:28:59 [Note]: 7006 0
02/23/08 02:28:59 [Note]: 7022 0
02/23/08 02:28:59 [Note]: 7011 1708
02/23/08 02:28:59 [Note]: 7026 0
02/23/08 02:29:00 [Note]: 7026 0
02/23/08 02:29:06 [Note]: FSRAW library version 1.7.1024
02/23/08 03:15:43 [Note]: 7007 0


Findlop

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A2DBC7C090B8467C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\serj\applic~1\browse~1\blue seek wait.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Serj'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 05/22/2007 17:00:00
NextRun: 02/23/2008 2:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/09/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/17/2008 21:44:00
NextRun: 02/24/2008 21:44:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: U......
StartDate: 10/19/2006
EndDate: 00/00/0000
StartTime: 21:44
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Check Updates for Windows Live Toolbar.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/23/2008 0:56:00
NextRun: 02/23/2008 1:56:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 11/30/2007
EndDate: 00/00/0000
StartTime: 10:56
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (DARKSTAR-Ste
ve).job'
[TRACE] Printing all job properties

ApplicationName: 'c:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: ''
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'Steve'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 02/29/2008 18:30:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 10/11/2006
EndDate: 00/00/0000
StartTime: 18:30
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McDefragTask.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
Parameters: '"C:\WINDOWS\system32\defrag.exe" C: -f'
WorkingDirectory: ''
Comment: 'Disk Defragmenter'
Creator: 'Serj'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/15/2008 1:00:01
NextRun: 03/15/2008 1:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/16/2007
EndDate: 00/00/0000
StartTime: 01:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McQcTask.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
Parameters: '14 0'
WorkingDirectory: 'c:\PROGRA~1\mcafee\mqc'
Comment: 'McAfee McAfee QuickClean'
Creator: 'Serj'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/01/2008 1:00:01
NextRun: 03/01/2008 1:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 1
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/16/2007
EndDate: 00/00/0000
StartTime: 01:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'MP Scheduled Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Parameters: 'Scan -RestrictPrivileges'
WorkingDirectory: ''
Comment: 'Scheduled Scan'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/22/2008 2:16:00
NextRun: 02/23/2008 2:16:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/21/2008
EndDate: 00/00/0000
StartTime: 02:16
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0




Combofix

ComboFix 08-02-20.2 - Serj 2008-02-23 1:40:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.414 [GMT -4:00]
Running from: C:\Documents and Settings\Serj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Serj\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\serj\applic~1\browse~1\blue seek wait.exe
C:\DOCUME~1\Serj\APPLIC~1\BROWSE~1\Mode loud.exe
C:\WINDOWS\system32\44AA50DB4B.sys
C:\WINDOWS\system32\xxiaphvr.dll
C:\WINDOWS\Tasks\A2DBC7C090B8467C.job
File::C:\WINDOWS\system32\tmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PartyGaming.Net
C:\Program Files\PartyGaming.Net\images\habeas_webseal.gif
C:\Program Files\PartyGaming.Net\INSTALL.LOG
C:\Program Files\PartyGaming.Net\PartyPokerNet\Images\lhn_bar_prize.jpg
C:\Program Files\PartyGaming.Net\PartyPokerNet\Images\prize_numbers.jpg
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\7.html
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\8317.atc
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\8319.atc
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\8445.atc
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\8447.atc
C:\Program Files\PartyGaming.Net\PartyPokerNet\Language\en_US\articles\9.html
C:\Program Files\PartyGaming.Net\PartyPokerNet\Notes.txt
C:\Program Files\PartyGaming.Net\PartyPokerNet\tmpUpgrade\upgradepf105-106man.exe
C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe
C:\Program Files\PartyGaming.Net\PartyPokerNet\usertab.txt
C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet105-106man.exe
C:\Program Files\PartyGaming.Net\tmpUpgrade\upgradePGNet108-109man.exe
C:\VundoFix Backups
C:\VundoFix Backups\abeeg.ini.bad
C:\VundoFix Backups\abeeg.ini2.bad
C:\VundoFix Backups\geeba.dll.bad
C:\VundoFix Backups\mmllm.ini.bad
C:\VundoFix Backups\mmllm.ini2.bad
C:\VundoFix Backups\utuddbyf.dll.bad
C:\VundoFix Backups\zgovbrjg.dllbox.bad
C:\WINDOWS\system32\44AA50DB4B.sys
C:\WINDOWS\Tasks\A2DBC7C090B8467C.job

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 09:01 . 2008-02-22 09:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-20 00:16 . 2008-02-22 01:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 00:16 . 2008-02-20 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 14:14 . 2008-02-18 14:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-18 13:34 . 2008-02-18 13:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:34 . 2008-02-18 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 03:33 . 2008-02-18 03:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 03:33 . 2008-02-18 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d--h----- C:\Documents and Settings\Serj\QMCache00
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Move Networks
2008-02-10 13:37 . 2008-02-14 18:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 23:48 . 2007-06-25 22:30 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-02-08 23:48 . 2007-04-24 19:33 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL
2008-02-07 08:05 . 2008-02-07 08:05 <DIR> d-------- C:\WINDOWS\system32\logs
2008-02-06 03:59 . 2008-02-06 03:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-05 21:53 . 2008-02-05 21:53 <DIR> d-------- C:\Program Files\VSO
2008-02-05 21:53 . 2008-02-21 20:48 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Vso
2008-02-05 21:53 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-05 21:53 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-05 21:53 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\Documents and Settings\Serj\Application Data\pcouffin.sys
2008-02-05 17:50 . 2006-10-16 03:10 131,546 --a------ C:\charlize-theron.jpg
2008-02-05 17:38 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-02-05 17:38 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-02-05 17:38 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-02-05 17:38 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-02-05 17:38 . 2008-02-05 17:38 1,024 --a------ C:\.rnd
2008-02-04 13:29 . 2008-02-04 13:29 <DIR> d-------- C:\Documents and Settings\Steve.DARKSTAR\Application Data\Logitech
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\TVU Networks
2008-02-03 18:14 . 2008-02-03 18:14 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Logitech
2008-02-03 18:13 . 2008-02-03 18:13 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-03 17:53 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-02-03 17:53 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-02-03 17:53 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Program Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:53 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\InstallShield
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-03 17:52 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-02-03 17:52 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-02-03 17:52 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-02-03 17:52 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-02-03 11:58 . 2008-02-03 19:15 <DIR> d-------- C:\WINDOWS\uninstall
2008-02-03 02:56 . 2008-02-03 02:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-30 16:32 . 2008-01-30 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-27 23:30 . 2008-01-28 23:49 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-27 12:34 . 2008-02-18 22:34 72,872 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-26 18:26 . 2008-01-26 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 17:57 . 2008-01-26 17:57 <DIR> d-------- C:\Program Files\Bonjour
2008-01-26 17:43 . 2008-01-26 17:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-26 16:48 . 2008-01-26 16:48 3,638 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 15:09 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 15:08 . 2008-01-26 15:09 <DIR> d-------- C:\Program Files\Java
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 00:06 . 2008-01-26 00:06 <DIR> d-------- C:\Program Files\Paint.NET
2008-01-25 02:24 . 2008-01-25 02:24 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 01:31 . 2008-01-25 01:31 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-25 00:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-25 00:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-25 00:06 . 2008-01-25 00:18 <DIR> d-------- C:\Program Files\Strokeit
2008-01-24 23:53 . 2008-01-24 23:54 <DIR> d-------- C:\Program Files\Rainmeter
2008-01-24 23:13 . 2008-01-25 19:58 <DIR> d-------- C:\Program Files\AvaFind
2008-01-24 23:13 . 2008-01-24 23:16 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\AvaFind Data
2008-01-24 22:48 . 2008-01-24 22:48 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 17:25 . 2008-01-23 17:25 27,136 --a------ C:\WINDOWS\system32\drivers\tapvpn.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 05:36 --------- d-----w C:\Documents and Settings\Serj\Application Data\uTorrent
2008-02-23 05:05 --------- d-----w C:\Program Files\Incomplete
2008-02-23 05:02 --------- d-----w C:\Program Files\LimeWire
2008-02-22 13:01 --------- d-----w C:\Program Files\McAfee
2008-02-18 07:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 03:56 --------- d-----w C:\Program Files\Dl_cats
2008-02-14 01:50 --------- d-----w C:\Program Files\Trillian
2008-02-03 21:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 16:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 14:40 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-02 14:40 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-02 14:40 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 03:41 --------- d-----w C:\Documents and Settings\Serj\Application Data\AdobeUM
2008-01-22 03:46 --------- d-----w C:\Program Files\Microsoft Games
2008-01-20 05:34 --------- d-----w C:\Documents and Settings\Serj\Application Data\SiteAdvisor
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 19:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:19 --------- d-----w C:\Documents and Settings\Serj\Application Data\Ahead
2008-01-09 03:22 --------- d-----w C:\Documents and Settings\Serj\Application Data\Nero
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 15:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 05:02 2,486,784 ----a-w C:\WINDOWS\system32\AnipUninst1.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-08-09 02:03 124 ----a-w C:\Documents and Settings\Serj\Application Data\wklnhst.dat
2007-05-01 21:19 1,132,112 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-04-23 21:03 1 ----a-w C:\Documents and Settings\Serj\SI.bin
2002-07-26 21:02 153,088 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
2007-06-18 17:56 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 20:27 1658592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 14:56 73728]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 11:42 425984]
"NWEReboot"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14 344064]
"AnimatedWallpaper"="C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe" [ ]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Serj\Start Menu\Programs\Startup\
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2006-01-21 07:41:56 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-28 11:37:29 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 00000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 0115381203685300mcinstcleanup;McAfee Application Installer Cleanup (0115381203685300);C:\WINDOWS\TEMP\011538~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 17:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 01:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-23 04:56:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-22 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DARKSTAR-Steve).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-15 05:24:09 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 05:01:04 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-22 06:16:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 01:45:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 1:46:39
ComboFix-quarantined-files.txt 2008-02-23 05:46:36
ComboFix2.txt 2008-02-20 19:45:11
ComboFix3.txt 2008-01-26 21:14:45
.
2008-02-22 05:14:37 --- E O F ---



HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:59 AM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Documents and Settings\Serj\Desktop\Spyware killers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2999231879-703145174-3309079590-1008\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User '?')
O4 - S-1-5-21-2999231879-703145174-3309079590-1008 Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Steve\My Documents\LimeWire\LimeWire.exe (User '?')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: McAfee Application Installer Cleanup (0198121203748040) (0198121203748040mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\019812~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 14039 bytes

#10 Falu

  • Security Colleague

Posted 23 February 2008 - 05:54 PM

Hi Serj27, :thumbsup:

Logs are looking better since the malware appears to be gone. How are things running now?

1. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following file in bold:

C:\WINDOWS\system32\tmp.reg

2. Would like to check something so download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

3. Run HijackThis again, click the Config... button, then go to the Misc Tools section and click Open Uninstall Manager. You'll see a list of programs; click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

Please post the uninstall_list.txt along with the Smitfraud report and let me know how things are running now.

#11 Serj27

  • Topic Starter

Posted 23 February 2008 - 08:56 PM

Hey Falu :thumbsup:,

Things seem to be running fine now thanks to you :blink:

Here is my uninstall_list.txt

µTorrent
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AGEIA PhysX v6.10.25
Apple Software Update
Ava Find
AVIcodec (remove only)
CCleaner (remove only)
CDDRV_Installer
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 2.2.3.258h
Dell AIO 810
Dell Driver Reset Tool
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
Final Fantasy VII - Ultima Edition
Flash Player Pro V3.1
Fraps (remove only)
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Image Resizer Powertoy for Windows XP
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Jasc Paint Shop Photo Album 5
Java™ 6 Update 4
KhalInstallWrapper
LimeWire 4.12.6
LiveUpdate 2.6 (Symantec Corporation)
Logitech Registration
Logitech SetPoint
Magnifier Powertoy for Windows XP
McAfee SecurityCenter
McAfee Uninstaller
MCU
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Nero 7 Ultra Edition
NetWaiting
Norton Spyware Scan provided by Yahoo!
Paint.NET v3.22
PDF Settings
PokerStars.net
Project64 1.6
PS to USB convert cable
QuickTime
Rainmeter (remove only)
Real Alternative 1.51
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
Snes9x
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
Starcraft
Tabbed Browsing (Windows Live Toolbar)
Timershot Powertoy for Windows XP
Trillian
TVUPlayer 2.3.3.2
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
URL Assistant
USB2.0 PC Camera (SN9C201&202)
VideoLAN VLC media player 0.8.5
Virtual Desktop Manager Powertoy for Windows XP
Windows Defender
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Messenger 5.1
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPcap 3.1
WinRAR archiver
World of Warcraft



And my Smitfraud report



SmitFraudFix v2.274

Scan done at 21:47:49.64, 23/02/2008
Run from C:\Documents and Settings\Serj\Desktop\Spyware killers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Serj\My Documents\utorrent.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Serj


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Serj\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Serj\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AFD3F63-0BE6-4CC9-B948-B2AB0BAC45E3}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5AFD3F63-0BE6-4CC9-B948-B2AB0BAC45E3}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5AFD3F63-0BE6-4CC9-B948-B2AB0BAC45E3}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#12 Falu

  • Security Colleague

Posted 24 February 2008 - 03:23 AM

Hi Serj27, :thumbsup:

Sorry but forgot to ask for a fresh HijackThis log. :blink:

#13 Serj27

  • Topic Starter

Posted 24 February 2008 - 04:31 AM

Hey Falu,

It's no problem at all :thumbsup:

Here is my latest HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:25 AM, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Documents and Settings\Serj\My Documents\BitTorrent Downloads\Alcohol 120% 1.9.5.4521\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Rainmeter\Rainmeter.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Serj\Desktop\Spyware killers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: McAfee Application Installer Cleanup (0198121203748040) (0198121203748040mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\019812~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 13134 bytes

#14 Falu


Posted 26 February 2008 - 12:33 PM

Hi Serj27, :thumbsup:

Things seem to be running fine now


Well that's good to hear!!

1. Okay your uninstall list shows some applications you need to reconsider:

> Limewire 4.12.6 and µTorrent may be legitimate and clean versions of P2P applications but take a look at these articles:

ID THIEVES' NEW HANGOUT: FILE-SHARING SOFTWARE and
Risks of File-Sharing Technology

and be warned.

> As you can see PokerStars.net is considered an unwanted program. The reason is that PokerStars and such programmes are often supported by malware and get installed without consent.

If you installed it yourself and wish to use it then let it be.

Okay so it's up to you but if you want to get rid of them:

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall one or more of the following programs:

Limewire 4.12.6
µTorrent
PokerStars.net

2. You have Messenger Plus! Live & Sponsor (CiD) installed. The sponsor is a form of LOP, which is a large part of what we just cleaned up. Does Messenger Plus! work correctly now? Many times the main applications will be disabled when you remove the sponsor.

Even though MP can be installed without the Sponsor, I recommend you uninstall MP and find another IM client. If you really want to use MP, you can either leave it as is if it is working correctly, or reinstall it without the sponsor. A re-install would be better so you would have a correct entry in Add/Remove programs.

Since we have just removed the sponsor program (LOP), you may receive some message that it is no longer there to be uninstalled if you decide to do this. You should be able to uninstall the rest of MP, but if you have any problems let me know. You can also follow the instruction in the MP FAQ's but at this point I advise against reinstalling the program with sponsor and then uninstalling the sponsor that is mentioned in the FAQ.

3. Be sure to reboot, if you didn't already, after uninstalling one or more of the above programs.

4. You have a few leftovers from previously installed programs, so please do the following for a bit of housekeeping:

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

Driver::
epfwtdir
StarWindService


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Please post "C:\ComboFix.txt" along with a fresh HijackThis log.
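
One way to check a ComboFix log against the CFScript that drove the run, as an added example that is not part of the original post and not ComboFix's own code. The function names and the sample log excerpt are constructed for illustration, and reading the "Other Deletions" and "Drivers/Services" sections as removal confirmations is an assumption based on the log layout seen in this thread.

```python
import re

# CFScript text as given in the post above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

Driver::
epfwtdir
StarWindService
"""

# Constructed sample: a short log excerpt in the layout ComboFix uses in this thread.
COMBOFIX_LOG = r"""ComboFix 08-02-20.2 - Serj 2008-02-26 22:16:05.5 - NTFSx86
FILE ::
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
.

((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.

C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

.
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))

.
-------\LEGACY_EPFWTDIR
-------\LEGACY_STARWINDSERVICE
-------\epfwtdir
-------\StarWindService


((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))
.
2008-02-23 21:47 . 2008-02-23 21:47 3,458 --a------ C:\WINDOWS\system32\tmp.reg
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::" or "Driver::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # e.g. "((((( Other Deletions )))))"


def parse_cfscript(text):
    """Return {directive: [targets]} with directive names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {banner title: [entries]}, skipping blank lines and '.' separators."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify(cfscript, log):
    """Map each (kind, target) in the script to True if the log lists it as handled."""
    wanted = parse_cfscript(cfscript)
    seen = parse_log_sections(log)
    # Windows paths and service names are case-insensitive, so compare lowercased.
    deleted = {p.lower() for p in seen.get("other deletions", [])}
    # Entries look like "-------\name"; keep the part after the last backslash.
    removed = {e.rsplit("\\", 1)[-1].lower() for e in seen.get("drivers/services", [])}
    report = {}
    for path in wanted.get("file", []):
        report[("file", path)] = path.lower() in deleted
    for name in wanted.get("driver", []):
        report[("driver", name)] = name.lower() in removed
    return report


def unconfirmed(report):
    """Targets the log does not confirm; check these on the system directly."""
    return [target for target, ok in report.items() if not ok]


if __name__ == "__main__":
    for (kind, target), ok in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{'confirmed  ' if ok else 'UNCONFIRMED'}  {kind:6}  {target}")
```

A target reported as unconfirmed only means the log does not list it; it may have been absent before the run, so confirm on the machine itself.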

#15 Serj27


Posted 26 February 2008 - 09:47 PM

hey Falu :thumbsup:

Messenger Plus seems to be working fine, the same as it was before.


Here is my combofix log


ComboFix 08-02-20.2 - Serj 2008-02-26 22:16:05.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.449 [GMT -4:00]
Running from: C:\Documents and Settings\Serj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Serj\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_EPFWTDIR
-------\LEGACY_STARWINDSERVICE
-------\epfwtdir
-------\StarWindService


((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-24 21:45 . 2008-02-24 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-23 21:47 . 2008-02-23 21:47 3,458 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-23 02:26 . 2008-02-23 02:26 916,072 --a------ C:\fsbl.exe
2008-02-18 14:14 . 2008-02-18 14:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-18 13:34 . 2008-02-18 13:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:34 . 2008-02-18 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 03:33 . 2008-02-18 03:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 03:33 . 2008-02-18 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d--h----- C:\Documents and Settings\Serj\QMCache00
2008-02-14 22:58 . 2008-02-14 22:58 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Move Networks
2008-02-10 13:37 . 2008-02-14 18:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 23:48 . 2007-06-25 22:30 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-02-08 23:48 . 2007-04-24 19:33 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL
2008-02-07 08:05 . 2008-02-07 08:05 <DIR> d-------- C:\WINDOWS\system32\logs
2008-02-06 03:59 . 2008-02-06 03:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-05 21:53 . 2008-02-05 21:53 <DIR> d-------- C:\Program Files\VSO
2008-02-05 21:53 . 2008-02-21 20:48 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Vso
2008-02-05 21:53 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-05 21:53 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-05 21:53 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-05 21:53 . 2008-02-05 21:53 47,360 --a------ C:\Documents and Settings\Serj\Application Data\pcouffin.sys
2008-02-05 17:50 . 2006-10-16 03:10 131,546 --a------ C:\charlize-theron.jpg
2008-02-05 17:38 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-02-05 17:38 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-02-05 17:38 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-02-05 17:38 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-02-05 17:38 . 2008-02-05 17:38 1,024 --a------ C:\.rnd
2008-02-04 13:29 . 2008-02-04 13:29 <DIR> d-------- C:\Documents and Settings\Steve.DARKSTAR\Application Data\Logitech
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\TVU Networks
2008-02-03 18:14 . 2008-02-03 18:14 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\Logitech
2008-02-03 18:13 . 2008-02-03 18:13 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-02-03 17:54 . 2008-02-03 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-03 17:53 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-02-03 17:53 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-02-03 17:53 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-02-03 17:53 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Program Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:53 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\Serj\Application Data\InstallShield
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-03 17:52 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-02-03 17:52 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-02-03 17:52 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-02-03 17:52 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-02-03 11:58 . 2008-02-03 19:15 <DIR> d-------- C:\WINDOWS\uninstall
2008-02-03 02:56 . 2008-02-03 02:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-30 16:32 . 2008-01-30 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-27 23:30 . 2008-01-28 23:49 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-27 12:34 . 2008-02-18 22:34 72,872 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 02:23 --------- d-----w C:\Program Files\McAfee
2008-02-27 02:13 --------- d-----w C:\Documents and Settings\Serj\Application Data\uTorrent
2008-02-27 01:48 --------- d-----w C:\Program Files\Incomplete
2008-02-27 01:32 --------- d-----w C:\Program Files\LimeWire
2008-02-25 01:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 07:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 03:56 --------- d-----w C:\Program Files\Dl_cats
2008-02-14 01:50 --------- d-----w C:\Program Files\Trillian
2008-02-06 13:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 21:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 16:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 14:40 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-29 03:41 --------- d-----w C:\Documents and Settings\Serj\Application Data\AdobeUM
2008-01-26 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 21:57 --------- d-----w C:\Program Files\Bonjour
2008-01-26 21:43 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-26 19:09 --------- d-----w C:\Program Files\Java
2008-01-26 19:08 --------- d-----w C:\Program Files\Common Files\Java
2008-01-26 04:06 --------- d-----w C:\Program Files\Paint.NET
2008-01-25 23:58 --------- d-----w C:\Program Files\AvaFind
2008-01-25 05:31 --------- d-----w C:\Program Files\Windows Media Components
2008-01-25 04:18 --------- d-----w C:\Program Files\Strokeit
2008-01-25 03:54 --------- d-----w C:\Program Files\Rainmeter
2008-01-25 03:16 --------- d-----w C:\Documents and Settings\Serj\Application Data\AvaFind Data
2008-01-25 02:48 --------- d-----w C:\Program Files\CCleaner
2008-01-23 21:25 27,136 ----a-w C:\WINDOWS\system32\drivers\tapvpn.sys
2008-01-22 03:46 --------- d-----w C:\Program Files\Microsoft Games
2008-01-20 05:34 --------- d-----w C:\Documents and Settings\Serj\Application Data\SiteAdvisor
2008-01-09 19:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:19 --------- d-----w C:\Documents and Settings\Serj\Application Data\Ahead
2008-01-09 03:22 --------- d-----w C:\Documents and Settings\Serj\Application Data\Nero
2007-08-09 02:03 124 ----a-w C:\Documents and Settings\Serj\Application Data\wklnhst.dat
2007-05-01 21:19 1,132,112 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-04-23 21:03 1 ----a-w C:\Documents and Settings\Serj\SI.bin
2002-07-26 21:02 153,088 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
2007-06-18 17:56 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 20:27 1658592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 14:56 73728]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 11:42 425984]
"NWEReboot"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14 344064]
"AnimatedWallpaper"="C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe" [ ]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 06:00 388608]

C:\Documents and Settings\Serj\Start Menu\Programs\Startup\
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2006-01-21 07:41:56 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-28 11:37:29 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 00000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 17:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 01:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-27 01:56:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-22 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DARKSTAR-Steve).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-15 05:24:09 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 05:01:04 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-27 02:26:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:29:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\dlcgcoms.exe
.
**************************************************************************
.
Completion time: 2008-02-26 22:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 02:33:51
ComboFix2.txt 2008-02-23 05:46:40
ComboFix3.txt 2008-02-20 19:45:11
ComboFix4.txt 2008-01-26 21:14:45
.
2008-02-22 05:14:37 --- E O F ---



And my fresh HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:29 PM, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Serj\Desktop\Spyware killers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0060928
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Program Files\3d Animated Wallpaper\AnimWallpaper.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7b2568cf37e844c3a8819539266af065
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7b2568cf37e844c3a8819539266af065
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 12638 bytes



