Receive Error Messages When Downloading .avis


  • This topic is locked
7 replies to this topic

#1 applesauce1234

Posted 27 January 2008 - 03:40 PM

Hi

I was referred here from "Am I infected? What do I do?" I had posted in here earlier, but was moved to "Am I Infected..." But as I said, I was referred here, so hopefully this is the right forum for me.

An annoying thing keeps happening. I will download videos (primarily .avi) from torrent sites, and when I open the folder that contains the files, an error message will come up. Downloading other types of files, such as .mp3s, does not seem to produce the error.

I use BitTorrent 6.0.1 and www.torrentreactor.net, although I have used other programs and torrent sites, but the result is the same...

This only seems to happen when I download torrents of videos. There can be one .avi file in a folder, and after two seconds an error message will come up with three options, "OK", "Copy to Clipboard" and "Submit Report"... the text of the error msg is at the end of my post (it is long). The error messages are relentless, and will keep on popping up every second or so, after I click OK. Usually I just have to Ctrl-Alt-Del, and shutdown the not responding folder.

I can view and move the contents of the folders if I use another program, such as GOM player. I will go into GOM player and click open file, and then I can browse the contents of the folders. There, I am even able to cut and paste them to new folders, and no error msgs will appear. Yet if I try to do this just using My Computer, the error msgs will appear.

I checked with AdAware and SpyBot and they found nothing... AVG antivirus, and antispyware found nothing, nor did the McAfee Stinger program... I use Kerio Sunbelt Firewall (the free version)... I have Windows XP, and the Windows Defender tool found nothing too... I checked with BitDefender, and it found nothing.

I updated Windows, but was unable to install Microsoft .NET Framework 2.0 Service Pack 1, nor could I install version 3.0... I tried it several times, but it just kept saying that it could not install... rebooted, and still the same thing... all the other updates seemed to install.

Below is the HJT logfile, and underneath that is the error msg that I receive (it's long)... Any ideas?? Thanks!

Here is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:54 PM, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NetFx20SP1_x86.exe
c:\a165e5d38f5e72722eed\setup.exe
C:\WINDOWS\system32\msiexec.exe
c:\WINDOWS\system32\MsiExec.exe
c:\WINDOWS\system32\MsiExec.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\CDBurnerXP Pro 3\cdbxp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.1.254 stlupdate.rs4u.com #rs4u_uninstall_mark
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: AlfaClock.lnk = C:\Program Files\AlfaClock\AlfaClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://applesaucedelight.spaces.live.com//...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.city.peterborough.on.ca/MapGui...13/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124729924656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141870139125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by114fd.bay114.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://www.mgforums.com/forums/images/smilies/banana.gif

--
End of file - 9946 bytes


ERROR MSG BELOW:

OS: Windows XP Home Edition, SP2
CPU: GenuineIntel, Intel Pentium 4, MMX @ 0 MHz

Application data:


#2 RichieUK

  • Malware Response Team
Posted 03 February 2008 - 10:44 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 applesauce1234

Posted 13 February 2008 - 07:55 PM

Hi...

Here's the latest HJT report... I can't think of anything else besides what I explained already re: my problem... did you have any specific question? I think it's all above.

Thanks a lot!

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:15 PM, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PopCap Games\Peggle Deluxe\Peggle.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.1.254 stlupdate.rs4u.com #rs4u_uninstall_mark
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: AlfaClock.lnk = C:\Program Files\AlfaClock\AlfaClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://applesaucedelight.spaces.live.com//...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.city.peterborough.on.ca/MapGui...13/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124729924656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141870139125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by114fd.bay114.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://www.mgforums.com/forums/images/smilies/banana.gif

--
End of file - 9849 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:28 AM

Posted 21 February 2008 - 07:27 PM

Please follow the instructions in the link below for the downloading and running of ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This also includes installing the Windows XP Recovery Console in case you have not got it installed.
Post the log from ComboFix when you've finished, along with a new HijackThis log please.

#5 applesauce1234

applesauce1234
  • Topic Starter

  • Members
  • 188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:03:28 AM

Posted 27 February 2008 - 12:53 PM

Hi

Thanks for the help.

I ran a ComboFix scan (and installed Recovery Console), and then a HJT scan... They are both as follows:

ComboFix 08-02-25.3 - Colin 2008-02-27 12:05:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.624 [GMT -5:00]
Running from: C:\Documents and Settings\Colin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-23 15:36 . 2008-02-23 15:36 <DIR> d-------- C:\Program Files\NCH Software
2008-02-23 15:36 . 2008-02-23 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-23 15:35 . 2008-02-23 15:35 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-23 15:35 . 2008-02-23 15:35 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\NCH Swift Sound
2008-02-19 14:17 . 2007-11-05 16:34 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-02-19 14:09 . 2008-02-19 14:09 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\InstallShield
2008-02-19 14:06 . 2008-02-19 14:16 <DIR> d-------- C:\Program Files\SanDisk
2008-02-14 11:04 . 2008-02-14 11:04 <DIR> d-------- C:\Program Files\DVDx
2008-02-13 17:01 . 2008-02-13 17:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-11 14:00 . 2008-02-27 11:13 3,162,278 --a------ C:\WINDOWS\{00000001-00000000-00000002-00001102-00000004-00511102}.BAK
2008-02-05 14:39 . 2008-02-05 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-02-05 14:38 . 2008-02-05 14:38 <DIR> d-------- C:\Program Files\Musicnotes
2008-01-30 12:07 . 2008-01-30 12:07 <DIR> d-------- C:\Program Files\Absolute DVD Copy
2008-01-30 12:06 . 2008-01-30 12:06 <DIR> d-------- C:\Acaladvdcopy
2008-01-30 12:01 . 2008-01-30 12:01 <DIR> d-------- C:\Program Files\Acala DVD Copy
2008-01-29 21:37 . 2008-01-29 21:37 <DIR> d-------- C:\Program Files\Easiestutils
2008-01-29 21:37 . 2007-06-13 14:50 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll
2008-01-29 21:37 . 2007-04-01 19:40 958,464 --a------ C:\WINDOWS\system32\advdaudio.ocx
2008-01-29 21:37 . 2007-06-08 14:12 548,864 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-01-29 21:37 . 2008-01-29 21:37 272,896 --a------ C:\WINDOWS\system32\advddr32.exe
2008-01-29 21:37 . 2002-05-23 20:40 110,080 --a------ C:\WINDOWS\system32\advd.dll
2008-01-29 21:37 . 2007-06-13 14:50 61,440 --a------ C:\WINDOWS\system32\cygz.dll
2008-01-29 21:37 . 2004-07-14 13:44 23,040 --a------ C:\WINDOWS\system32\auth.dll
2008-01-29 21:37 . 2008-01-29 21:37 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-01-29 21:22 . 2008-01-29 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 13:49 . 2008-01-27 13:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 04:35 . 2008-01-27 04:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 07:28 --------- d-----w C:\Documents and Settings\Colin\Application Data\BitTorrent
2008-02-24 23:26 --------- d-----w C:\Program Files\BitTorrent
2008-02-22 02:39 --------- d-----w C:\Program Files\Java
2008-02-19 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 23:17 --------- d-----w C:\Program Files\Soulseek
2008-02-14 07:20 --------- d-----w C:\Documents and Settings\Colin\Application Data\OpenOffice.org2
2008-01-30 17:04 --------- d-----w C:\Documents and Settings\Colin\Application Data\Vso
2008-01-30 17:01 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-30 17:01 47,360 ----a-w C:\Documents and Settings\Colin\Application Data\pcouffin.sys
2008-01-30 15:50 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
2008-01-30 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-27 17:37 --------- d-----w C:\Program Files\MediaMonkey
2008-01-22 15:57 --------- d-----w C:\Program Files\DivX
2008-01-21 02:11 --------- d-----w C:\Program Files\Finale NotePad 2008
2008-01-13 18:36 --------- d-----w C:\Program Files\a-squared Free
2008-01-13 17:49 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 00:59 --------- d-----w C:\Program Files\Sibelius Software
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-06-22 01:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-18 22:43 471 ----a-w C:\Program Files\INSTALL.LOG
2006-12-07 00:36 81,920 ----a-w C:\Documents and Settings\Colin\Application Data\ezpinst.exe
2006-03-23 22:05 31 ----a-w C:\Documents and Settings\Colin\getfile.dat
2006-02-08 04:55 36 ----a-w C:\Documents and Settings\Colin\klextlock.dat
2006-04-06 22:49 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AlfaClock Classic"="C:\Program Files\AlfaClock\AlfaClock.exe" [2005-07-13 19:38 1378304]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 13:42 25600 C:\WINDOWS\MIDIDEF.EXE]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 04:46 196608]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 13:03 106544 C:\WINDOWS\system32\TWEAKUI.CPL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 11:35 319488]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 11:44 303104]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"WINDVDPatch"="CTHELPER.EXE" [2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Colin\Start Menu\Programs\Startup\
AlfaClock.lnk - C:\Program Files\AlfaClock\AlfaClock.exe [2007-03-05 02:34:29 1378304]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-07-10 15:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 11:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 11:02]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 16:19:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:08:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 12:09:50
ComboFix-quarantined-files.txt 2008-02-27 17:09:45
ComboFix2.txt 2008-02-27 07:33:44
ComboFix3.txt 2008-02-27 04:12:04
.
2008-02-26 19:51:59 --- E O F ---





+++++++




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:20 PM, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.1.254 stlupdate.rs4u.com #rs4u_uninstall_mark
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: AlfaClock.lnk = C:\Program Files\AlfaClock\AlfaClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://applesaucedelight.spaces.live.com//...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.city.peterborough.on.ca/MapGui...13/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124729924656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141870139125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by114fd.bay114.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://www.mgforums.com/forums/images/smilies/banana.gif

--
End of file - 9356 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:28 AM

Posted 27 February 2008 - 02:05 PM

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Disable SpywareGuard as it may interfere.
* Right click the running icon of SpywareGuard in the system tray to open the program.
* Then go to Menu, File, and choose Exit.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Other than that I don't see any problems; your HijackThis log and ComboFix are both clean.


Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


when I open the folder that contains the files, an error message will come up.

See if the following helps:
First back up the registry by doing the following.
Click on Start>Run, copy and paste the following bold text into the 'Open:' space, then press OK.
regedit /e c:\registrybackup.reg
It won't appear to be doing anything; that's normal.
Your mouse pointer may have an hourglass alongside it for a minute or so.
Please be patient and continue when the hourglass disappears.

Click on Start>Run, type regedit, then press OK.
Now navigate to:
HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
In the right hand pane delete the "Default" value which should be:
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"
Exit regedit, restart your PC.

If still no joy, let's try the following:
Run F-Secure Online Scanner.
Note:
This scanner is for Internet Explorer only.
* Click on Online Services and then Online Scanner.
* Accept the License Agreement.
* Once the ActiveX installs, click Full System Scan.
* Once the download completes, the scan will begin automatically.
* The scan will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Show Report button then copy and paste the entire report into your next reply.
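
An added example, not part of the post above and not HijackThis's own code: a small Python parser for HijackThis log lines like those in this thread. It splits each entry into section, label, CLSID and target, and picks out entries whose target is `(no file)`, such as the O2 BHO line in the fix list. The sample log is constructed from lines quoted in this thread; the `Entry` fields and function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the O2 line from the fix list plus the log tail in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://www.mgforums.com/forums/images/smilies/banana.gif
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

@dataclass
class Entry:                 # field names are assumptions made for this example
    section: str             # e.g. "O2", "O23"
    kind: str                # label before the first ": " ("BHO", "Service"), or ""
    name: str                # first " - " separated field after the label
    clsid: Optional[str]     # CLSID if the entry carries one
    target: str              # last field: file path, URL or "(no file)"
    target_type: str         # "missing", "url" or "path"

def classify_target(target: str) -> str:
    if target.lower() == "(no file)":
        return "missing"     # registry entry whose referenced file is absent
    return "url" if URL_RE.match(target) else "path"

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None          # header, footer ("End of file ...") or blank line
    kind, sep, rest = m.group("body").partition(": ")
    if not sep:              # entry without a "Label: " prefix
        kind, rest = "", m.group("body")
    fields = rest.split(" - ")
    clsid = CLSID_RE.search(rest)
    return Entry(m.group("section"), kind, fields[0],
                 clsid.group(0) if clsid else None,
                 fields[-1], classify_target(fields[-1]))

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.target_type == "missing"]

if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.section} {e.kind} {e.clsid}: target file is missing")
```
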

#7 applesauce1234

Posted 12 March 2008 - 11:04 AM

problem seems to be fixed...

thanks!

#8 RichieUK

Posted 12 March 2008 - 01:17 PM

You're welcome.

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.