Need Help Removing Vundo/Virtumonde, Security Agent & Other Viruses/Malware


  • This topic is locked
8 replies to this topic

#1 tifosi

Posted 10 April 2008 - 06:12 PM

Hello Removal Team,

My Windows XP PC has recently been infected with several viruses...mainly Vundo/Virtumonde but I believe others are on there as well. Spybot S&D continues to find Virtumonde traces, but the removal never seems to last for long...I will see DL traffic to my PC when I am not using bandwidth, and shortly thereafter virus symptoms show. Some other symptoms that I get are:

1) I get several varieties of Security Agent alerts stating that my computer is infected and I should download/scan for viruses. Usually this is either a yellow triangle (with exclamation point inside) or a pop-up that has a bright red background and states a specific file that is infected, usually a .dll or .exe in the SYSTEM directory.

2) Windows Update icons appear stating I need to download updates...even though I have never had this feature turned on.

3) Internet Explorer now runs EXTREMELY slow...it basically crashes every time I open it so I can't even browse web pages with it anymore. I have noticed that the IE.exe processes can exceed 500MB memory which I believe is not normal functionality. Also, IE.exe sucks up 50% or more CPU resource when it is sitting idle.

4) Searches appear to be hijacked. If I do a Yahoo! search and I click on a result I am taken to some random link, not the actual search result. If I go forward/back 3-4 times then I get to the search result link.

5) When I shut down...there is an option to download/install Windows Updates then shut down which I never had before.

Below I have attached my most recent HijackThis log file (Note: I have seen the recommendation to change the name of the .exe, so I have named it HJT.exe before running).

Thanks for any help.

Regards,
Jeff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:06 PM, on 10/Apr/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.NkoServer.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\MBDocker.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\groxslad.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\Program Files\Omnipod\POD35\omnipod35.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cos.agilent.com/autoproxy/autoproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com; localhost; 127.0.0.1; ;<local>
O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MBDocker.exe] C:\WINDOWS\system32\MBDocker.exe
O4 - HKLM\..\Run: [AgNotificationCenter] "C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [KTWCM_H1100] C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3218] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3313] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8071] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC361] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3970] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5957] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5735] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC560] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart driveronly /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB8023] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6698] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB269] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3084] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8400] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2041] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8811] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3398] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: POD.lnk = C:\Program Files\Omnipod\POD35\omnipod35.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {F9DED47C-5B9F-4119-BAAF-E772E1BB551E} (HyperSend Agent) - https://www.hypersend.com/img/0/setup/hsc_win.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = agilent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = agilent.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Agilent IO Libraries Service (AgilentIOLibrariesService) - Agilent - c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
O23 - Service: Agilent Logic Analysis (agLogicSvc) - Agilent Technologies, Inc. - C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CSW - Unknown owner - C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 18611 bytes



#2 steamwiz

Posted 12 April 2008 - 03:04 PM

Hi

Disconnect from the internet. Close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the entries in the list below. When all are ticked (checked), click the Fix Checked button at the bottom:

O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)

O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)

O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"

O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe

O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe


Then reboot ... that should stop most of the malware running ...

Please make sure you have read this:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Then come back here & post the requested updated logs...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
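
Added example (not part of the original posts, and not HijackThis code): one way to check from a follow-up log that the entries selected for fixing are gone, and to list entries that were not in the earlier log. The function names and the normalization rules are assumptions of this example; the sample lines are excerpts copied from the two HijackThis logs in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE_MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def normalize(body):
    """Canonical form of an entry body so the same entry matches across scans."""
    body = FILE_MISSING_RE.sub("", body)       # status suffix may differ between scans
    body = re.sub(r"\s+", " ", body).strip()   # forum copy/paste can change spacing
    return body.lower()                        # registry names and paths ignore case


def parse_entries(log_text):
    """Return {(section code, normalized body): original line} for every entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), normalize(match.group(2)))] = line
    return entries


def still_present(fix_list, after_log):
    """Lines from the fix list that still appear in the follow-up log."""
    after = parse_entries(after_log)
    return [line for key, line in parse_entries(fix_list).items() if key in after]


def new_entries(before_log, after_log):
    """Entry lines in the follow-up log that were not in the earlier log."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return sorted(line for key, line in after.items() if key not in before)


# The six entries listed for fixing in post #2.
FIX_LIST = r"""
O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"
O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe
O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
"""

# Excerpt of the first log (post #1): the six entries plus two others.
BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Excerpt of the follow-up log (post #3), including non-entry lines that are ignored.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    print("Still present after fix:", still_present(FIX_LIST, AFTER))
    print("New since first log:")
    for entry in new_entries(BEFORE, AFTER):
        print("  " + entry)
```
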

#3 tifosi

Posted 12 April 2008 - 04:48 PM

steam,

Thank you very much for your help. I have run HJT as you requested below and Fixed all 6 items. Then I have rebooted my PC. Upon login/startup my Symantec Antivirus auto-detected and successfully cleaned:

Trojan.Dropper

Then I have run the DSS.exe as indicated in the tutorial....the logs are posted below.

Also, I have enabled the Windows Firewall...but I have NOT enabled the Network Connection yet on the infected PC (I am using the forum from a 2nd PC).

Regards,
jeff


###############################
###############################
########MAIN.TXT################
###############################
###############################


Deckard's System Scanner v20071014.68
Run by jedralla on 2008-04-12 14:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-04-12 21:23:54 UTC - RP884 - Deckard's System Scanner Restore Point
24: 2008-04-11 09:49:41 UTC - RP883 - System Checkpoint
23: 2008-04-10 05:22:25 UTC - RP882 - Installed Java™ 6 Update 5
22: 2008-04-10 05:18:45 UTC - RP881 - Removed J2SE Runtime Environment 5.0 Update 10
21: 2008-04-10 05:10:35 UTC - RP880 - Removed J2SE Runtime Environment 5.0 Update 6


-- First Restore Point --
1: 2008-04-06 22:07:17 UTC - RP860 - Installed Advanced Design System 2008


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.04 GiB (less than 15%) free.


-- HijackThis (run as jedralla.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:49 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.NkoServer.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\MBDocker.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\jedralla\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jedralla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cos.agilent.com/autoproxy/autoproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com; localhost; 127.0.0.1; ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MBDocker.exe] C:\WINDOWS\system32\MBDocker.exe
O4 - HKLM\..\Run: [AgNotificationCenter] "C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart driveronly /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: POD.lnk = C:\Program Files\Omnipod\POD35\omnipod35.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {F9DED47C-5B9F-4119-BAAF-E772E1BB551E} (HyperSend Agent) - https://www.hypersend.com/img/0/setup/hsc_win.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = agilent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = agilent.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Agilent IO Libraries Service (AgilentIOLibrariesService) - Agilent - c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
O23 - Service: Agilent Logic Analysis (agLogicSvc) - Agilent Technologies, Inc. - C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CSW - Unknown owner - C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 15633 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080409-025622-431 O2 - BHO: (no name) - {9DA5708F-4792-456D-9A48-30804981D86B} - C:\WINDOWS\system32\yayywTMG.dll (file missing)
backup-20080409-025622-652 O2 - BHO: (no name) - {77A98656-344A-471E-9C8F-333754051A7F} - C:\WINDOWS\system32\qoMffETJ.dll (file missing)
backup-20080409-025622-735 O2 - BHO: (no name) - {549AE8DB-B288-4070-B010-41A4470137D4} - C:\WINDOWS\system32\vtUlLFxV.dll (file missing)
backup-20080409-025622-827 O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\dgtsfulg.dll (file missing)
backup-20080412-141003-294 O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
backup-20080412-141003-504 O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe
backup-20080412-141003-513 O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
backup-20080412-141003-515 O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)
backup-20080412-141003-598 O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
backup-20080412-141003-690 O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Mobridg (Mobility PCI-2-PCI Bridge) - c:\windows\system32\drivers\mobridg.sys <Not Verified; Mobility Electronics, Inc.; Mobility Universal Docking Solution>
R0 premrt - c:\windows\system32\drivers\premrt.sys <Not Verified; Magma; Magma CardBus/PCI Expansion Driver>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 portD (CMS PortIO Service) - c:\windows\system32\drivers\portd2k.sys <Not Verified; CMS Peripherals, Inc.; BounceBack>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 mrtcb - c:\windows\system32\drivers\mrtcb.sys <Not Verified; Magma; Mobility CardBus/PCI Expansion Driver>

S2 adWLANusb (Analog Devices WLAN MB - 2) - c:\windows\system32\drivers\wlanmb.sys <Not Verified; anchor chips; anchor chips ezloader>
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S2 EZUSB (Cypress EZ-usb 2) - c:\windows\system32\drivers\ezusb.sys <Not Verified; cypress semiconductor; cypress semiconductor ezusb>
S3 BeceemNDIS (TarangService) - c:\windows\system32\drivers\beceemndis.sys (file missing)
S3 BeceemNdisCardBus (Tarang) - c:\windows\system32\drivers\drxvi315.sys <Not Verified; Beceem communications pvt ltd.; Beceem Communications Inc. Tarang>
S3 Ipt1394 (Agilent E8491 1394 VXI controller) - c:\windows\system32\drivers\1394ipt.sys <Not Verified; Agilent Technologies; Agilent IO Libraries>
S3 N5101A (Agilent Technologies N5101A Device Driver) - c:\windows\system32\drivers\n5101a.sys <Not Verified; Agilent Technologies; Mercury Device Driver>
S3 SamsungSerenum (Samsung ENUMERATER Serenum Filter Driver) - c:\windows\system32\drivers\vspenum.sys (file missing)
S3 SamsungSerial (Samsung_BUS Serial port driver) - c:\windows\system32\drivers\vsp.sys (file missing)
S3 SamsungWiBroNet (Wibro) - c:\windows\system32\drivers\samsungwibro.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AeXNSClient (Altiris Agent) - c:\program files\altiris\altiris agent\aexnsagent.exe <Not Verified; Altiris, Inc.; Altiris Agent>
R2 AgilentIOLibrariesService (Agilent IO Libraries Service) - "c:\program files\agilent\io libraries suite\agilent.tmframework.connectivity.agilentiolibrariesservice.exe" <Not Verified; Agilent; Agilent IO Libraries>
R2 agLogicSvc (Agilent Logic Analysis) - c:\program files\agilent technologies\logic analyzer\aglogicsvc.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server>
R2 LkCitadelServer (Lookout Citadel Server) - c:\windows\system32\lkcitdl.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 lkClassAds (National Instruments PSP Server Locator) - c:\windows\system32\lkads.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 lkTimeSync (National Instruments Time Synchronization) - c:\windows\system32\lktsrv.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 ndGlobalLauncher (ManageSoft installation agent) - "c:\program files\managesoft\launcher\ndserv.exe" <Not Verified; ManageSoft Corp; ManageSoft>
R2 ndinit (ManageSoft managed device) - "c:\program files\managesoft\schedule agent\ndinit.exe" <Not Verified; ManageSoft Corp; ManageSoft managed device>
R2 NIDomainService (National Instruments Domain Service) - "c:\program files\national instruments\shared\security\nidmsrv.exe" <Not Verified; National Instruments, Inc.; National Instruments Shared>
R2 niSvcLoc (NI Service Locator) - c:\windows\system32\nisvcloc.exe -s <Not Verified; National Instruments Corp.; National Instruments Service Locator>
R2 OSCM Utility Service - c:\program files\novatel wireless\sprint\sprint pcs connection manager\oscmutilityservice.exe <Not Verified; Sprint Spectrum, L.L.C; OSCM>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S2 CSW - c:\system-testworkbench\2005a\licenses\bin\lmgrd.exe (file missing)
S2 MSCamSvc - "c:\program files\microsoft lifecam\mscams32.exe" (file missing)
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe (file missing)
S3 magaService (Lan Discover Agent) - c:\program files\sygate\ssa\maga\maga.exe (file missing)
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_12F5103C&REV_05\4&AD1B67F&0&20F0
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_12F5103C&REV_05\4&AD1B67F&0&20F0
Service: w29n51


-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-10 11:10:49 110592 --a------ C:\WINDOWS\system32\czcxqvmf.exe
2008-04-09 23:15:15 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-09 22:22:28 0 d-------- C:\Program Files\Common Files\Java
2008-04-09 21:45:10 98304 --a------ C:\WINDOWS\system32\groxslad.exe
2008-04-09 01:21:41 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 01:21:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 01:21:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 01:21:41 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 01:21:41 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 01:21:41 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-09 01:21:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 01:21:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-07 23:12:15 0 d-------- C:\Program Files\Trend Micro
2008-04-07 13:07:46 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-07 12:05:14 8405015 --a------ C:\WINDOWS\TempFile
2008-04-07 04:04:21 30464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 04:02:18 27904 --a------ C:\WINDOWS\ntnut.exe
2008-04-06 23:48:38 0 d-------- C:\Program Files\Lavasoft
2008-04-06 23:48:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:29:37 12032 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 23:19:36 14336 --a------ C:\WINDOWS\shdocpl.dll
2008-04-06 23:19:36 12544 --a------ C:\WINDOWS\msapasrc.dll
2008-04-06 23:19:36 21760 --a------ C:\WINDOWS\msa64chk.dll
2008-04-06 23:19:35 17408 --a------ C:\WINDOWS\winsb.dll
2008-04-06 23:19:35 10240 --a------ C:\WINDOWS\shdocpe.dll
2008-04-06 23:19:35 29440 --a------ C:\WINDOWS\browserad.dll
2008-04-06 23:19:34 22272 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-06 23:19:34 22784 --a------ C:\WINDOWS\avifile32.dll
2008-04-06 23:19:34 23040 --a------ C:\WINDOWS\autodisc32.dll
2008-04-06 23:19:33 19200 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-06 23:19:33 9728 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-06 23:19:33 22528 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-06 23:19:33 16384 --a------ C:\WINDOWS\athprxy32.dll
2008-04-06 23:19:33 24576 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-06 23:19:32 13568 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-06 23:19:32 26880 --a------ C:\WINDOWS\asferror32.dll
2008-04-06 23:19:32 15872 --a------ C:\WINDOWS\apphelp32.dll
2008-04-06 20:40:06 0 d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24:11 0 d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23:21 0 dr-h----- C:\Documents and Settings\jefftest\SendTo
2008-04-06 20:23:21 0 d--h----- C:\Documents and Settings\jefftest\Recent
2008-04-06 20:23:21 0 d--h----- C:\Documents and Settings\jefftest\PrintHood
2008-04-06 20:23:21 0 d--h----- C:\Documents and Settings\jefftest\NetHood
2008-04-06 20:23:21 0 d-------- C:\Documents and Settings\jefftest\My Documents
2008-04-06 20:23:21 0 d--h----- C:\Documents and Settings\jefftest\Local Settings
2008-04-06 20:23:21 0 d-------- C:\Documents and Settings\jefftest\Favorites
2008-04-06 20:23:21 0 d-------- C:\Documents and Settings\jefftest\Desktop
2008-04-06 20:23:21 0 d---s---- C:\Documents and Settings\jefftest\Cookies
2008-04-06 20:23:21 0 dr-h----- C:\Documents and Settings\jefftest\Application Data
2008-04-06 20:23:21 0 d---s---- C:\Documents and Settings\jefftest\Application Data\Microsoft
2008-04-06 20:23:21 0 d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23:20 0 d--h----- C:\Documents and Settings\jefftest\Templates
2008-04-06 20:23:20 0 dr------- C:\Documents and Settings\jefftest\Start Menu
2008-04-06 20:23:20 2359296 --a------ C:\Documents and Settings\jefftest\NTUSER.DAT
2008-04-06 20:23:20 0 d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23:20 0 d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23:20 0 d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 15:02:48 0 d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-03-24 03:25:21 0 d-------- C:\ADS2008
2008-03-21 20:02:07 0 d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17:38 0 d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-04-12 14:17:50 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-12 14:02:15 0 d-------- C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-09 22:24:37 0 d-------- C:\Program Files\Java
2008-04-09 22:22:28 0 d-------- C:\Program Files\Common Files
2008-04-06 23:47:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 06:44:13 0 d-------- C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-27 21:17:15 4 --a------ C:\WINDOWS\vx86036.dat
2008-03-26 18:44:26 0 d-------- C:\Program Files\QuickTime
2008-03-25 03:42:51 120 --a------ C:\drmHeader.bin
2008-03-24 12:05:55 0 d-------- C:\Program Files\Agilent
2008-03-24 11:49:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 12:03:43 0 d-------- C:\Program Files\AgilentIE6Settings
2008-03-20 11:57:07 0 d-------- C:\Program Files\Novatel Wireless
2008-03-09 21:17:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-23 18:55:29 0 -----n--- C:\help
2008-01-18 21:12:05 3965 -----n--- C:\WINDOWS\unins001.dat
2008-01-18 21:12:03 673610 -----n--- C:\WINDOWS\unins001.exe <Not Verified; ; Inno Setup>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 10:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/23/2004 01:41 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/19/2006 02:52 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/14/2006 04:02 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/07/2005 10:05 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2005 11:12 AM C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [03/09/2005 03:54 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/03/2004 02:05 AM]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [07/05/2007 11:03 AM]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" []
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [10/21/2005 05:40 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 04:33 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 01:25 PM]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [11/27/2006 03:18 PM]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [10/05/2005 02:39 PM]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [06/14/2007 09:53 AM]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [01/18/2005 09:31 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/16/2007 11:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"WD Button Manager"="WDBtnMgr.exe" [10/22/2007 07:54 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [05/07/2007 10:47 AM]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [12/25/2007 02:25 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/03/2004 05:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [12/11/2003 02:31 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/01/2007 04:52 PM]
"LogitechSetup"="D:\setup.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/08/2007 03:18 PM]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" []
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [5/2/2007 10:47:30 AM]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [12/4/2007 6:48:17 PM]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [6/20/2005 3:04:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"disablecad"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTWCM_H1100]
C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
Auto\command- D:\sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"



-- End of Deckard's System Scanner: finished at 2008-04-12 14:31:11 ------------



###############################
###############################
########EXTRA.TXT################
###############################
###############################



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1535.36 MiB / 867.03 MiB
Pagefile Memory (total/avail): 2924.48 MiB / 2418.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.75 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 6.04 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)
Q: is Fixed (FAT32) - 465.65 GiB total, 160.44 GiB free.
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - HTS726060M9AT00 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:

\\.\PHYSICALDRIVE2 - LEXAR JUMPDRIVE USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 122.36 MiB - E:

\\.\PHYSICALDRIVE1 - WD My Book ES USB Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 465.76 GiB - Q:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6010 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Agilent\\Connection Manager Server\\MsmtSrvr.exe"="C:\\Program Files\\Agilent\\Connection Manager Server\\MsmtSrvr.exe:*:Enabled:MsmtSrvr.exe"
"C:\\Program Files\\Agilent\\IO Libraries Suite\\bin\\siclland.exe"="C:\\Program Files\\Agilent\\IO Libraries Suite\\bin\\siclland.exe:*:Enabled:Siclland"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jedralla\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=A0063598
ComSpec=C:\WINDOWS\system32\cmd.exe
E1438PATH=C:\Program Files\VISA\WinNT
E1439PATH=C:\Program Files\VISA\WinNT
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jedralla
HummPATH=C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\;
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\SCS-US-DC2
MKL_SERIAL=YES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Hummingbird\Connectivity\10.00\Exceed;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\VISA\WinNT\bin;C:\Program Files\IVI\bin;C:\Program Files\ManageSoft\Common;C:\PROGRA~1\IVI\Bin;C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\;;C:\Program Files\RSA Security\RSA SecurID Software Token;C:\Program Files\Agilent Technologies\Logic Analyzer;C:\Program Files\QuickTime\QTSystem;c:\Program Files\Agilent\IO Libraries Suite\bin;C:\Program Files\VISA\WinNT\Bin;c:\Program Files\VISA\winnt\agvisa
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jedralla\LOCALS~1\Temp
TMP=C:\DOCUME~1\jedralla\LOCALS~1\Temp
USERDNSDOMAIN=AGILENT.COM
USERDOMAIN=AGILENT
USERNAME=jedralla
USERPROFILE=C:\Documents and Settings\jedralla
VXIPNPPATH=C:\Program Files\VISA\
VXITEST=C:\Program Files\VXItest
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

(admin)
jedralla (admin)
testing (admin)
jefftest (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92F2A534-C3E4-4B18-BEBD-329F5E848C8B}\Setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
AD9352CustSoftware --> MsiExec.exe /X{3F80BC37-3613-4305-BCEA-E6E0E3C66449}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ADS 2005A - Addon Installation --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E1518AFB-7330-42B8-96A9-02CB9F7BC9C6}
Advanced Design System 2008 --> "C:\Program Files\InstallShield Installation Information\{6561C479-B8AE-4B3B-9001-3C7EDE7C7909}\setup.exe" -runfromtemp -l0x0409 -removeonly
Advanced Design System 2008 --> MsiExec.exe /I{6561C479-B8AE-4B3B-9001-3C7EDE7C7909}
Agere Systems AC'97 Modem --> agrsmdel
Agilent 89600 Series Software --> "C:\Program Files\InstallShield Installation Information\{63903F59-9905-4632-ADFA-F5102F991B0D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Agilent Baseband Studio for Fading 3.0.28 --> MsiExec.exe /I{071E5964-E0C0-40CE-BF33-95CC5486CCBF}
Agilent Baseband Studio for Waveform Capture and Playback --> MsiExec.exe /I{8ED3123E-2857-485F-A030-3C3041E7A131}
Agilent IO Libraries Suite 15.0 --> C:\Program Files\InstallShield Installation Information\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\setup.exe -runfromtemp -l0x0409
Agilent LAPC --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "locadm"
Agilent License Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{FAF7BB19-B32A-4888-BB29-349A84BC23F1}
Agilent Logic Analyzer 03.66.9137 --> C:\Program Files\Agilent Technologies\Logic Analyzer\VBA\setup.exe -x
Agilent Logic Analyzer Demo Center 03.66.9137 --> MsiExec.exe /I{359ED483-9E52-4425-8E34-30B637BAA0A1}
Agilent Logic Update Tool 03.66.9137 --> MsiExec.exe /I{77A81682-C7CB-4AED-8E10-D28E2A3D1718}
Agilent N4850A DigRF v3 Digital Acquisition Probe 03.66.9137 --> MsiExec.exe /X{37C7436D-BA14-4D4E-BFBF-029C1DF8A48A}
Agilent Signal Studio for 1xEV-DO Rev.A --> MsiExec.exe /X{8C3D922F-E6C9-4529-908B-CC2D8699A439}
Agilent Signal Studio for 3GPP W-CDMA --> MsiExec.exe /X{BAAC3B1D-F933-4E7D-BBAB-B8B2E42E3A26}
Agilent Signal Studio for 3GPP W-CDMA HSPA --> MsiExec.exe /X{E02AB4CE-F690-4985-A5D7-85E531C2AF12}
Agilent Signal Studio for 802.16-2004(WiMAX) --> MsiExec.exe /X{1352DED0-8674-4D77-8BF8-63896AB88450}
Agilent Signal Studio for 802.16 OFDMA --> MsiExec.exe /X{149DEE50-80E0-440C-84E7-D452EBFEEABE}
Agilent Signal Studio for 802.16 WiMAX --> MsiExec.exe /X{22DE6A0D-3AE6-45F2-927F-9ED2D047CD09}
Agilent Signal Studio for HSDPA over W-CDMA - E4438C --> MsiExec.exe /X{F76FBD70-80C5-496D-B7DE-AD72FA3CC114}
Agilent Signal Studio for WLAN N7617A --> MsiExec.exe /X{39734927-D448-4D85-B183-72E4B1DBE020}
Agilent Signal Studio Toolkit 2 --> MsiExec.exe /I{597DBF76-9CE2-4E9F-81A3-14EF7BC851A6}
Agilent T&M Programmers Toolkit Redistributable Package 1.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{55CC3069-6B17-45FB-8BCC-6520D1F4DE00}
Agilent Technologies ag875X Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\AG875X\DeIsL1.isu"
Agilent Technologies E1438C/D VXIplug&play Software --> C:\Program Files\VISA\WinNT\age1438\UNWISE.EXE /U /Z C:\PROGRA~1\VISA\WinNT\age1438\INSTALL.LOG
Agilent Technologies E1439C/D VXIplug&play Software --> C:\Program Files\VISA\WinNT\age1439\UNWISE.EXE /U /Z C:\PROGRA~1\VISA\WinNT\age1439\INSTALL.LOG
Agilent Technologies E4406 Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\HPE4406\DeIsL1.isu"
Agilent Technologies E444XA Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\AGE444XA\DeIsL1.isu"
Agilent Technologies ESG Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\HPESG\DeIsL1.isu"
Agilent VXI Test --> C:\PROGRA~1\VXItest\UNWISE.EXE C:\PROGRA~1\VXItest\INSTALL.LOG
Agilent WiMAX Test N7300A1 X.02.00.06 --> MsiExec.exe /I{ABE06F3A-9372-4370-89AF-762DB92B8160}
Agilent Windows XP Security Template - AD -->
Agilent Windows XP Security Template - MGS --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Security Templates"
Agilent Wireless Test Manager Framework 1.8 --> MsiExec.exe /X{369C1A3F-63CE-47E2-8CA7-A29951F2CBF4}
Agilent Wireless Test Manager NET (N4018C) 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CCA0272E-1666-4151-B496-BAE2D14E5FDE}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BCS200 Control Panel 1.1.0 --> MsiExec.exe /X{EBEDB3F2-3612-4A1A-A413-EA4B058C041C}
BlackBerry Desktop Software 4.1 --> MsiExec.exe /i{7F29BE4F-1651-4CFE-AF63-68825B90EE3B}
BlackBerry Desktop Software 4.1 --> MsiExec.exe /I{7F29BE4F-1651-4CFE-AF63-68825B90EE3B}
Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BounceBack Professional --> C:\WINDOWS\BBUninstall.exe
Broadcom NetXtreme Ethernet Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CardBus Driver --> "C:\WINDOWS\unins001.exe"
Compatibility Pack for the 2007 Office system --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Microsoft Office 2007 Compatibility Pack"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
ETS-AE 1.0(Americas) --> MsiExec.exe /I{A4973A51-B530-48A5-8E1B-A90A5EC45F92}
Faux Agilent IO Libraries --> DoNotUninstall
Faux Agilent VisaCom --> DoNotUninstall
ffdshow [rev 1324] [2007-07-01] --> "C:\Program Files\ffdshow\unins000.exe"
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Free PS Convert driver 8.15 --> "C:\Program Files\psconvert\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
HASP4 Device Drivers --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP 856XE Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\HP856XE\DeIsL1.isu"
HP 859XE Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\HP859XE\DeIsL1.isu"
HP 871X Instrument Driver (WINNT) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VISA\winNT\HP871X\DeIsL1.isu"
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.30 A3 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
Hummingbird Exceed 10 --> MsiExec.exe /I{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}
Hummingbird Exceed XDK 10 --> MsiExec.exe /I{F45395E5-8ED2-47CB-9181-9993CB70A1F4}
HyperSend Agent --> C:\WINDOWS\system32\UNWISE32.EXE /Z C:\PROGRA~1\HYPERS~1\Install.log
Intel® PROSet/Wireless Software --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Intel Wireless Client"
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
Ipswitch WS_FTP Professional 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
IVI Shared Components --> CleanupUtility.exe /fromARP
IVI VISA COM Standard Components --> C:\PROGRA~1\VISA-COM\IVI_VI~1.EXE /fromARP
IVI VISA COM Standard Components --> MsiExec.exe /I{D2533218-3B3D-46C6-ABAA-898EB2908589}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Joost ™ 0.10.1 --> C:\Program Files\Joost\uninst.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macrovision FLEXid Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0ADC98E8-BDD7-42F7-AC15-093C1B54CDAE}\setup.exe" -l0x9 -removeonly
Magma CardBus Expansion Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A7912A0-FAA2-11D3-924F-E19221F49E47}\setup.exe"
ManageSoft for managed devices --> MsiExec.exe /I{528DDE97-D539-4C9C-88AA-6B7C695731C4}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Baseline Security Analyzer 2.0.1 --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Baseline Security Analyzer 2.0"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{DF930075-1C01-45CA-B023-993BF4118096}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Standard 2003 --> MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XML Parser --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "XML Parser"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobility CardBus Driver 1.1 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\Uninst.isu -c"C:\WINDOWS\system32\\EDUninst.dll"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
National Instruments Software --> "C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
Netswitcher for Windows --> C:\\WINNT\\iun507.exe C:\\Program Files\\NetSwitcher for Windows\\irunin.ini
NI EULA Depot --> MsiExec.exe /I{60FC2242-9CF5-4264-B02A-A4A86447F560}
NI MDF Support --> MsiExec.exe /I{28C59BDD-55F3-4454-BF17-37AC537F894B}
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Omnipod Professional Online Desktop 3.5 --> MsiExec.exe /I{41FE2262-E8D9-4b64-8B63-7440D41A66A6}
PAL --> "C:\WINDOWS\IsUninst.exe" -y -f"C:\Program Files\PAL\Uninstl\DeIsL1.isu" -c"C:\Program Files\PAL\Uninstl\palunins.dll
PDFCreator --> MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PowerVideoMaker Professional 2.6 --> "C:\Program Files\Presentersoft PowerVideoMaker\unins000.exe"
PSPad editor --> "C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RSA SecurID Software Token --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{432DDCA6-5CF6-4F02-93D3-BD78E327DA66}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel Protection Installer 7.4.0 --> MsiExec.exe /I{5A180ED5-0AC1-410A-B790-5E0319CD0A93}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Sprint Mobile Broadband (Novatel Wireless) --> MsiExec.exe /I{40DC0CBD-A01E-4D3F-8B3A-5E96713D416B}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Symantec AntiVirus"
Symantec AntiVirus --> "C:\Program Files\ManageSoft\Launcher\ndlaunch" -o InstallProfile=Public -d "Symantec AntiVirus"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tera Term Pro --> C:\WINDOWS\ttuninst.exe
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TVUPlayer 1.5.12 --> C:\Program Files\TVU Player\uninst.exe
Version 1.3 --> "C:\WINDOWS\unins000.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver --> MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WebRipper 1.31 --> C:\Program Files\SamsonSoft\WebRipper\uninst.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\winzip32.exe" /uninstall
Wondershare PPT2DVD 3.9.2.225 --> "C:\Program Files\Wondershare\PPT2DVD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type37061 / Error
Event Submitted/Written: 04/12/2008 02:21:39 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type37060 / Error
Event Submitted/Written: 04/12/2008 02:21:36 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type37054 / Error
Event Submitted/Written: 04/12/2008 02:19:23 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type37053 / Error
Event Submitted/Written: 04/12/2008 02:19:20 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type37052 / Error
Event Submitted/Written: 04/12/2008 02:19:01 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application spnsrvnt.exe, version 7.4.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0012e870.
Error in creating result PEAP-TLV in response to received PEAP-TLV (spnsrvnt.exe!ld!)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type78595 / Error
Event Submitted/Written: 04/12/2008 02:17:35 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
IntelIde

Event Record #/Type78594 / Error
Event Submitted/Written: 04/12/2008 02:17:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MSCamSvc service failed to start due to the following error:
%%3

Event Record #/Type78593 / Error
Event Submitted/Written: 04/12/2008 02:17:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The CSW service failed to start due to the following error:
%%3

Event Record #/Type78592 / Error
Event Submitted/Written: 04/12/2008 02:17:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DS1410D service failed to start due to the following error:
%%2

Event Record #/Type78591 / Error
Event Submitted/Written: 04/12/2008 02:17:35 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Smart Card service terminated with the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-04-12 14:31:11 ------------

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts

Posted 13 April 2008 - 01:51 PM

HI

Your System Drive C: has 6.04 GiB (less than 15%) free.

Windows & other programs need free space in order to run; they need to unpack/expand files. If there is not enough free space then your computer will slow down & start giving errors when running programs, which with more free space would run OK. You have a second fixed drive with 160.44 GiB free; it would be advisable to move some of your personal files from the C: drive ...

Please run these programs :-

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#5 tifosi

tifosi
  • Topic Starter

  • Members
  • 4 posts

Posted 13 April 2008 - 05:30 PM

steam,

I have run the programs as you have asked. Here are the logs below.

I will await your next set of instructions. Is it OK to use the internet on the infected computer?

Regards,
Jeff

***************************
***************************
******SAS Log**************
***************************
***************************


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2008 at 02:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type : Complete Scan
Total Scan Time : 02:37:54

Memory items scanned : 668
Memory threats detected : 0
Registry items scanned : 6317
Registry threats detected : 0
File items scanned : 213917
File threats detected : 751

Adware.Tracking Cookie
C:\Documents and Settings\jedralla\Cookies\jedralla@banner[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@beporn[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@bizjournals.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@bizrate[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@bravenet[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@brightcove.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@brookebannerblog[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@bs.serving-sys[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@bs.serving-sys[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@buycom.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@canadapost.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@citi.bridgetrack[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@clicktorrent[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@code.mediatext[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@count.rbc[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@counter.auctionworks[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@counter.plugin[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@counter.relmaxtop[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@counter.rewardsnetwork[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@cz5.clickzs[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@data3.perf.overture[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@dillards.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@discounterectionpills[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@dl2.ads2media[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@dmtracker[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@dvdcovers.spacash[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wakieidjoao.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wblosodzeep.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wfkiuoazchp.stats.esomniture[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wflicndzkdp.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wgk4siajaaq.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wglicgcjkco.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6whkikmdzmkq.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjlykkd5ogo.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjmicicpsgo.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjnyakajcfq.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjnycgcpegp.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjnyejazabo.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@e-2dj6wjnygic5mgp.stats.esomniture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@eas.apm.emediate[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@eas.apm.emediate[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@edge.ru4[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@electronicarts.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@emediawire[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@enhance[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@entrepreneur[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@epornreview[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@equifax.adbureau[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@ero-advertising[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@euros4click[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@eyewonder[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@fanatixxx[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@findology[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@findwhat[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@findwhat[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@gettyimages.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@gostats[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hardwarezone[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hc2.humanclick[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@highbeam.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hmt.connexpromotions[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hornymatches[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hornyoyster[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hotlog[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@housingtracker[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@hypertracker[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@image.masterstats[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@indextools[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@indextools[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@interclick[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@invitemedia[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@jeqq[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@justsexyvideos[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@komtrack[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@kontera[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@leeenterprises.112.2o7[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@leveragemarketing.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@linkstattrack[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@livesecuritycenter[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@login.tracking101[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@malwarecrush[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@media.cleantech[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@media.www.dailytrojan[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@media6degrees[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@media6degrees[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@mediabom[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@mediamgr.ugo[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@mediatraffic[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@metacafe.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@metareward[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@mfeed.newzfind[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@microsoftoffice.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@mobileworldcongress.mediaroom[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@nakedcumshots[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@nandomedia[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@newzfind[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@nextag[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@nursexybabes[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@oas.directaclick[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@onlinerewardcenter[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@optimize.indieclick[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@overture[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@partner2profit[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@partners.webmasterplan[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@partypoker[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pentonmedia.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@perf.overture[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@philips.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pornbb[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pornhost[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pornorama[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pornotube[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pornput[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@porntube[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@premiumtv.122.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@pstats_[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@qksrv[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@questionmarket[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@realmedia[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@realmedia[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@realsexscandals[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@realteenpictureclub[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@redorbit[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@reduxads.valuead[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@reunion.adbureau[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@richmedia.yahoo[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@roiservice[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@rotabanner.utro[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@rotabanner100.utro[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@rotabanner234.utro[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@rotabanner468.utro[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@rotator.adjuggler[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sales.liveperson[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@scan.malwarecrush[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@seatcounter[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@seatcounter[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sec1.liveperson[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@servedby.adxpower[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@serving-sys[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@serving-sys[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@serving.xxxwebtraffic[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexi.covergirl[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexole[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexovideoclube[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexreactor[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexsearchcom[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexy-videos[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexyinternets[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexyshare[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sexyswimwear[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@shakingmedia[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@shopping.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@specificclick[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@specificclick[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@specificclick[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@spylog[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@stat.onestat[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@stats.adbrite[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@stats.adbrite[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@stats.sphere[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@stolenpornpasswords[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@sutra.newzfind[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@swidget.wjadserver[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tacoda[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenkelly[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenmoviegalls[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenmovies.xh0st[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teensfirstthreesome[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenslikeitbig[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenslikeitbig[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@teenvids.xh0st[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@ticketcity[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tizer.mediarotator[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tns-counter[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@toplisted[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@toplist[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@toplist[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@toplist[3].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@toplist[4].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tour.teenslikeitbig[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tracker[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tracking.veille-referencement[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@traffic.buyservices[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@trafficdashboard[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@trafficmp[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@tremor.adbureau[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@usenext[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@v7.stats.load[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@valueclick[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@valueclick[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@weborama[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@wikiporno[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.100.rbcmedia[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.accountonline[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.adultwork[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.awltovhc[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.beporn[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.burstbeacon[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.etracker[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.fatpenguinmedia[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.findelicious[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.freeporn4all[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.nursexybabes[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.pornbb[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.pornhub[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.pornminded[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.pornorama[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.teenplanetcandid[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.ticketcity[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.ukadultproducers[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@www.xxxmofo[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@xiti[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@xmlrevenue[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@xxxmofo[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@yadro[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@yieldmanager[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@youporn.videobox[1].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@youporn[2].txt
C:\Documents and Settings\jedralla\Cookies\jedralla@zanox[1].txt

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP875\A0689055.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP875\A0689056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP875\A0689057.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP875\A0689064.DLL

Trojan.Fake-Drop/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693742.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693743.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693744.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693745.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693746.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693747.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693748.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693749.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693750.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693751.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693752.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693753.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693754.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693755.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693756.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693757.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693758.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693759.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693760.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693761.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693762.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693763.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693764.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693765.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693766.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693767.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693768.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693769.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693770.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693771.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693772.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693773.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693775.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693777.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693778.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693779.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693780.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693781.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693782.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693783.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693784.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693785.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693786.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693787.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693788.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693789.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693790.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693791.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693792.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693793.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693794.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693796.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693797.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693799.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693800.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693801.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693802.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693803.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693804.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693805.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693806.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693807.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693808.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693809.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693810.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693811.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693812.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693813.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693814.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693815.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693817.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693818.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693819.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693820.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693823.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693824.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693825.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693826.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693827.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693829.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693830.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693832.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693833.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693834.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693835.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693836.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693837.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693838.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693839.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693840.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693841.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693842.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693843.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693844.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693845.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693846.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693848.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693850.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693851.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693852.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693853.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693854.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693855.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693856.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693857.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693858.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693859.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693860.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693861.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693862.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693863.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693864.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693865.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693866.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693867.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693868.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693870.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693871.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693873.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693874.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693875.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693876.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693877.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693878.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693879.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693880.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693881.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693882.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693884.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693885.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693886.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693887.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693888.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693890.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693891.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693892.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693893.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693896.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693897.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693898.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693899.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693900.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693901.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693902.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693903.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693905.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693906.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693907.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693909.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693910.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693911.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693912.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693913.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693914.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693915.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693916.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693917.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693918.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693919.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693922.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693923.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693924.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693925.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693927.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693928.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693929.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693930.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693931.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693932.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693933.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693934.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693936.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693937.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693938.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693939.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693940.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693941.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693942.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693943.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693944.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693945.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693946.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693947.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693948.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693949.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693950.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693951.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693952.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693953.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693954.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693955.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693956.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693957.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693958.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693959.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693960.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693961.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693963.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693964.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693965.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693966.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693967.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693968.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693969.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693970.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693971.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693973.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693975.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693976.EXE
C:\WINDOWS\APPHELP32.DLL
C:\WINDOWS\ASFERROR32.DLL
C:\WINDOWS\ASYCFILT32.DLL
C:\WINDOWS\ATHPRXY32.DLL
C:\WINDOWS\ATI2DVAA32.DLL
C:\WINDOWS\ATI2DVAG32.DLL
C:\WINDOWS\AUDIOSRV32.DLL
C:\WINDOWS\AUTODISC32.DLL
C:\WINDOWS\AVIFILE32.DLL
C:\WINDOWS\AVISYNTHEX32.DLL
C:\WINDOWS\AVIWRAP32.DLL
C:\WINDOWS\BROWSERAD.DLL
C:\WINDOWS\CHANGEURL_30.DLL
C:\WINDOWS\INSTALLER\ID53.EXE
C:\WINDOWS\MSA64CHK.DLL
C:\WINDOWS\MSAPASRC.DLL
C:\WINDOWS\NTNUT.EXE
C:\WINDOWS\SHDOCPE.DLL
C:\WINDOWS\SHDOCPL.DLL
C:\WINDOWS\WINSB.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP876\A0693188.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP879\A0693680.DLL

Trojan.Unclassified/Multi-Dropper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP876\A0693301.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP876\A0693302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP876\A0693355.EXE
C:\WINDOWS\SYSTEM32\CZCXQVMF.EXE
C:\WINDOWS\SYSTEM32\GROXSLAD.EXE
C:\WINDOWS\Prefetch\GROXSLAD.EXE-2B7BF010.pf

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E3B9B7B1-EBAF-4080-848E-20266AD3C5F6}\RP876\A0693366.EXE

Trojan.Unclassified/NTNut32
C:\WINDOWS\SYSTEM32\NTNUT32.EXE

Trojan.Vundo-Variant/F
C:\WINDOWS\VSA\89604\CRP32DLL.DLL
C:\WINDOWS\VSA\89607\CRP32DLL.DLL
C:\WINDOWS\VSA\CRP32DLL.DLL


***************************
***************************
******Combo Fix Log*********
***************************
***************************


ComboFix 08-04-13.1 - jedralla 2008-04-13 15:12:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.864 [GMT -7:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\123messenger.per
C:\WINDOWS\licencia.txt
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\SUPERAntiSpyware.com
2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 14:23 . 2008-04-12 14:23 <DIR> d-------- C:\Deckard
2008-04-09 22:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 22:22 . 2008-04-09 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-08 00:02 . 2008-04-08 10:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-07 23:12 . 2008-04-07 23:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 21:51 . 2008-04-08 00:36 698 --ahs---- C:\WINDOWS\system32\gbkxvjme.ini
2008-04-07 12:05 . 2008-04-13 14:56 0 --a------ C:\WINDOWS\TempFile
2008-04-07 10:56 . 2008-04-13 15:00 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 10:52 . 2008-04-12 14:16 2,184 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 03:45 . 2008-04-13 15:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-06 23:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-06 20:40 . 2008-04-06 20:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23 . 2007-08-27 14:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23 . 2005-11-21 12:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23 . 2005-11-21 12:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23 . 2005-11-21 12:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 15:02 . 2008-04-10 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-03-24 03:25 . 2008-03-24 03:38 <DIR> d-------- C:\ADS2008
2008-03-21 20:02 . 2008-03-21 20:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17 . 2008-03-20 19:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 21:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-13 21:40 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-13 19:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 05:24 --------- d-----w C:\Program Files\Java
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-09_ 2.46.02.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2007-09-07 14:00:22 2,238 ------r C:\WINDOWS\Installer\{369C1A3F-63CE-47E2-8CA7-A29951F2CBF4}\ARPPRODUCTICON.exe
+ 2007-07-11 17:18:44 2,238 ------r C:\WINDOWS\Installer\{37C7436D-BA14-4D4E-BFBF-029C1DF8A48A}\ARPPRODUCTICON.exe
+ 2007-07-11 17:18:44 2,238 ------r C:\WINDOWS\Installer\{37C7436D-BA14-4D4E-BFBF-029C1DF8A48A}\NewShortcut1_A9D0BADDDECD4A7AAFBD8FFB8D8034F7.exe
+ 2007-09-07 13:59:57 2,238 ------r C:\WINDOWS\Installer\{CCA0272E-1666-4151-B496-BAE2D14E5FDE}\ARPPRODUCTICON.exe
+ 2008-04-13 19:05:53 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-13 19:05:53 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\NewShortcut12_DB1C1E4ACA0B4821B3DB430AF8DFB9D6.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\NewShortcut13_102AC35C256B4F1BA13456FB3B883E50.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\NewShortcut8_5E0EB48309E64D4996A8FCB85E913225.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\NewShortcut9_5E0EB48309E64D4996A8FCB85E913225.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\VisualBasicExamples.exe
+ 2007-07-11 17:10:00 2,238 ------r C:\WINDOWS\Installer\{E0F483D4-90EE-479A-A094-5A5BC5D8F3C9}\VisualC__Examples.exe
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2005-11-21 20:33:33 2,722 ------w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2001-08-23 06:00:00 2,000 ------w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 06:00:00 2,032 ------w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 06:00:00 1,744 ------w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 06:00:00 2,176 ------w C:\WINDOWS\system\VGA.DRV
+ 2004-08-04 01:07:22 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 09:05:00 2,239 ----a-w C:\WINDOWS\system32\dla\tfsndres.sys
+ 2004-08-04 07:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-23 06:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-23 06:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 06:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-23 06:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-23 06:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-23 06:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-23 06:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-23 06:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-23 06:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-04 07:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-23 06:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2002-10-16 21:55:48 2,851 ----a-w C:\WINDOWS\system32\drivers\Toshidpt.sys
- 2006-11-09 21:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2001-08-23 06:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 06:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-08-23 06:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-08-23 06:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2001-08-23 06:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-08-23 06:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2001-08-23 06:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-08-23 06:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-23 06:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 14:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 14:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 15:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 11:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 17:40 1110016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 13:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 14:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 09:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 09:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24 819200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 19:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 10:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-03 17:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 17:24 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 10:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 18:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 15:04:20 5787648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--------- 2005-11-02 20:01 50792 C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTWCM_H1100]
C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 14:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 12:41]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 15:32]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 09:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 10:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 17:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 17:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 09:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 14:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 09:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 15:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 16:44]
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 13:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 16:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 22:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 14:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 17:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 16:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 16:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 11:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 14:21]
S4 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 15:14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 15:17:40
ComboFix-quarantined-files.txt 2008-04-13 22:17:35
ComboFix2.txt 2008-04-10 06:15:10
ComboFix3.txt 2008-04-09 08:46:26
Pre-Run: 6,366,318,592 bytes free
Post-Run: 6,348,406,784 bytes free
.
2008-04-07 20:08:01 --- E O F ---

#6 steamwiz


Posted 14 April 2008 - 02:25 PM

Hi

Yes you can connect to the internet with this computer again ...

You have/had a flash drive infection ... this shows an entry in your registry (which we'll remove with a CFScript)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

http://www.trendmicro.com/vinfo/virusencyc...II&VSect=Sn

The worm is called from an autorun.inf file ... which runs this :- D:\sal.xls.exe

D: is shown as your CDROM ... therefore you have an infected CD ... if the CD is a re-write ... wipe it ... if it isn't then destroy it ...

I see you have run a previous version of Combofix ...

The bottom of your Combofix log :-

Completion time: 2008-04-13 15:17:40
ComboFix-quarantined-files.txt 2008-04-13 22:17:35
ComboFix2.txt 2008-04-10 06:15:10
ComboFix3.txt 2008-04-09 08:46:26

Pre-Run: 6,366,318,592 bytes free
Post-Run: 6,348,406,784 bytes free

Please post the other 2 Combofix logs ComboFix2.txt & ComboFix3.txt BEFORE doing anything else ... in case one is overwritten ...

When you've done that ... continue with this :-

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\gbsnwvod.exe
C:\WINDOWS\system32\gbkxvjme.ini
C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
C:\Documents and Settings\All Users\Application Data\pajutolw.dll

Folder::
C:\Documents and Settings\All Users\Application Data\mjszurkz

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image
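
The MountPoints2 finding discussed in the post above can be checked mechanically. The following is an added example, not part of the original posts and not ComboFix's own logic: it parses ComboFix-style MountPoints2 lines and flags autorun commands whose target hides an executable behind a document extension, as `sal.xls.exe` does. The extension lists and the second registry key in the sample are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Assumed lists for this example: executable types, and the document-style
# extensions a worm puts in front of them to look harmless.
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs"}
DECOY_EXT = {"xls", "doc", "pdf", "txt", "jpg", "mp3", "zip"}

# "[HKEY_...\mountpoints2\{volume-guid}]" section header in the log.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.I)
# "\Shell\<verb>\command - <command line>" entry under that header.
ENTRY_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)

# Sample input: the excerpt quoted in the post, plus one constructed benign
# entry (made-up GUID and path) for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - E:\setup.exe
"""


def parse_mountpoints(log_text):
    """Return one dict per \\Shell\\<verb>\\command line found under a
    MountPoints2 key; lines under any other registry key are ignored."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if line.startswith("["):
            key = None  # a different registry key starts here
            continue
        entry = ENTRY_RE.match(line)
        if entry and key:
            entries.append({"key": key,
                            "verb": entry.group(1),
                            "command": entry.group(2).strip()})
    return entries


def has_decoy_double_extension(token):
    """True for names such as report.xls.exe: executable extension last,
    document-style extension immediately before it."""
    parts = basename(token).lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT


def flag_deceptive_autoruns(log_text):
    """Return (volume GUID, shell verb, file name) for every autorun command
    that references a decoy double-extension file."""
    findings = []
    for e in parse_mountpoints(log_text):
        volume = e["key"].rsplit("\\", 1)[-1]
        # Split on whitespace, quotes and commas so arguments passed to
        # RunDLL32 (as in the AutoRun line above) are inspected too. Paths
        # containing spaces are split as well, but the final piece still
        # carries the file name and its extensions.
        for token in re.split(r'[\s",]+', e["command"]):
            if has_decoy_double_extension(token):
                findings.append((volume, e["verb"], basename(token).lower()))
    return findings


if __name__ == "__main__":
    for volume, verb, name in flag_deceptive_autoruns(SAMPLE_LOG):
        print(f"review MountPoints2 volume {volume}: {verb} -> {name}")
```

A flagged volume GUID identifies which MountPoints2 subkey to review; the same name check can be applied to the `open=` and `shellexecute=` values of an `autorun.inf` found in the root of a removable drive.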

#7 tifosi


Posted 14 April 2008 - 03:32 PM

steam,

A couple things to note:

1) I have not used a CD in my CD drive for at least 3 months.
2) I use USB flash drives quite frequently...could they be the culprit?
3) Is there any way to check if the USB flash drives I use are infected or not?

4) Internet Explorer no longer crashes or takes >70% CPU for no reason...however, it does still seem to have single processes that take >300MB memory every once in a while. I don't think this ever happened before.
5) My search links do not seem to be hijacked anymore.

I am including the old CF log files as you requested, as well as the new one after the CFscript.txt was run as well as a new HJT log. They are in the following order.
1) ComboFix2.txt
2) ComboFix3.txt
3) CFlog_POST_CFScript.txt
4) Latest HJT log (post CFScript).

###############################
###############################
########ComboFix2.txt##############
###############################
###############################


ComboFix 08-04-08.7 - jedralla 2008-04-09 23:08:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.845 [GMT -7:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Q:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 22:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 22:22 . 2008-04-09 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-09 21:47 . 2008-04-09 21:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-09 21:45 . 2008-04-09 21:45 98,304 --a------ C:\WINDOWS\system32\groxslad.exe
2008-04-08 00:02 . 2008-04-08 10:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-07 23:12 . 2008-04-07 23:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 21:51 . 2008-04-08 00:36 698 --ahs---- C:\WINDOWS\system32\gbkxvjme.ini
2008-04-07 12:05 . 2008-04-09 21:41 8,405,015 --a------ C:\WINDOWS\TempFile
2008-04-07 10:56 . 2008-04-09 21:46 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 10:52 . 2008-04-07 10:52 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 04:04 . 2008-04-07 04:04 30,464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 04:02 . 2008-04-07 04:02 27,904 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 04:02 . 2008-04-07 04:02 11,008 --a------ C:\WINDOWS\123messenger.per
2008-04-07 03:45 . 2008-04-09 21:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-06 23:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-06 23:29 . 2008-04-06 23:29 12,032 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 20:40 . 2008-04-06 20:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23 . 2007-08-27 14:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23 . 2005-11-21 12:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23 . 2005-11-21 12:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23 . 2005-11-21 12:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 15:02 . 2008-04-06 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-04-06 15:02 . 2008-04-06 15:02 67,584 --a------ C:\Documents and Settings\All Users\Application Data\pajutolw.dll
2008-03-24 03:25 . 2008-03-24 03:38 <DIR> d-------- C:\ADS2008
2008-03-21 20:02 . 2008-03-21 20:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17 . 2008-03-20 19:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 06:11 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-10 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 05:24 --------- d-----w C:\Program Files\Java
2008-04-10 04:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-07 06:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-09_ 2.46.02.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2006-11-09 21:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0063C2D9-2D75-4FF4-8701-6B34C925D17D}]
C:\WINDOWS\system32\ljJdBqQG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06368860-DD7C-4BAB-9ED5-0A2169606D1C}]
C:\WINDOWS\system32\efcCvUkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 14:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"qkvhhile"="C:\WINDOWS\system32\gbsnwvod.exe" [ ]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 14:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 15:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 11:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe" [2005-11-02 20:01 50792]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 17:40 1110016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 13:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 14:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 09:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 09:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24 819200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 19:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"KTWCM_H1100"="C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe" [ ]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 10:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 17:24 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 10:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 18:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 15:04:20 5787648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"qRiasATq1c"= C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 14:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 12:41]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 15:32]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 09:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 10:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 17:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 17:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 09:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 14:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 09:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 15:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 16:44]
S2 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 13:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 16:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 22:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 14:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 17:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 16:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 16:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 11:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 14:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:11:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 23:15:09
ComboFix-quarantined-files.txt 2008-04-10 06:15:05
ComboFix2.txt 2008-04-09 08:46:26
Pre-Run: 6,777,135,104 bytes free
Post-Run: 6,761,160,704 bytes free
.
2008-04-07 20:08:01 --- E O F ---


###############################
###############################
########ComboFix3.txt##############
###############################
###############################

ComboFix 08-04-08.7 - jedralla 2008-04-09 2:23:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.835 [GMT -6:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jedralla\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\jedralla\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\jedralla\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\WINDOWS\BM13a6b28d.xml
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\awtspNdd.dll
C:\WINDOWS\system32\geBrsQij.dll
C:\WINDOWS\system32\GMTwyyay.ini
C:\WINDOWS\system32\GMTwyyay.ini2
C:\WINDOWS\system32\GQqBdJjl.ini
C:\WINDOWS\system32\GQqBdJjl.ini2
C:\WINDOWS\system32\jiQsrBeg.ini
C:\WINDOWS\system32\jiQsrBeg.ini2
C:\WINDOWS\system32\JkUvCcfe.ini
C:\WINDOWS\system32\JkUvCcfe.ini2
C:\WINDOWS\system32\JTEffMoq.ini
C:\WINDOWS\system32\JTEffMoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oiexpntg.ini
C:\WINDOWS\system32\VxFLlUtv.ini
C:\WINDOWS\system32\VxFLlUtv.ini2
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 01:02 . 2008-04-08 11:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-08 00:12 . 2008-04-08 00:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 22:51 . 2008-04-08 01:36 698 --ahs---- C:\WINDOWS\system32\gbkxvjme.ini
2008-04-07 13:05 . 2008-04-09 02:36 0 --a------ C:\WINDOWS\TempFile
2008-04-07 11:56 . 2008-04-08 23:19 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 11:52 . 2008-04-07 11:52 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 05:04 . 2008-04-07 05:04 30,464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 05:02 . 2008-04-07 05:02 27,904 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 05:02 . 2008-04-07 05:02 11,008 --a------ C:\WINDOWS\123messenger.per
2008-04-07 04:45 . 2008-04-09 02:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 00:48 . 2008-04-07 00:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-07 00:48 . 2008-04-07 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 00:47 . 2008-04-07 02:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 00:47 . 2008-04-07 02:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 00:30 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-07 00:30 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-07 00:30 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-07 00:30 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-07 00:29 . 2008-04-07 00:29 12,032 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 21:40 . 2008-04-06 21:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 21:24 . 2008-04-06 21:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 21:23 . 2007-08-27 15:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 21:23 . 2005-11-21 13:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 21:23 . 2005-11-21 13:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 21:23 . 2005-11-21 13:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 16:02 . 2008-04-06 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-04-06 16:02 . 2008-04-06 16:02 67,584 --a------ C:\Documents and Settings\All Users\Application Data\pajutolw.dll
2008-03-24 04:25 . 2008-03-24 04:38 <DIR> d-------- C:\ADS2008
2008-03-21 21:02 . 2008-03-21 21:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 20:17 . 2008-03-20 20:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager
2008-03-09 20:17 . 2008-03-09 22:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 08:34 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-09 08:17 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-07 06:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0063C2D9-2D75-4FF4-8701-6B34C925D17D}]
C:\WINDOWS\system32\ljJdBqQG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{051C126E-E6AE-4DC8-88A7-87213596B1A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06368860-DD7C-4BAB-9ED5-0A2169606D1C}]
C:\WINDOWS\system32\efcCvUkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549AE8DB-B288-4070-B010-41A4470137D4}]
C:\WINDOWS\system32\vtUlLFxV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77A98656-344A-471E-9C8F-333754051A7F}]
C:\WINDOWS\system32\qoMffETJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DA5708F-4792-456D-9A48-30804981D86B}]
C:\WINDOWS\system32\yayywTMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8EEB996-62AA-4E48-995D-EADDCAC47476}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f03258-1dd1-11b2-844a-d95ac99666f6}]
C:\WINDOWS\dgtsfulg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 15:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 17:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 16:18 23233576]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"qkvhhile"="C:\WINDOWS\system32\gbsnwvod.exe" [ ]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8023"="command /c del C:\WINDOWS\system32\efcCvUkJ.dll_old" [ ]
"SpybotDeletingD6698"="cmd /c del C:\WINDOWS\system32\efcCvUkJ.dll_old" [ ]
"SpybotDeletingB269"="command /c del C:\WINDOWS\system32\gtnpxeio.dll_old" [ ]
"SpybotDeletingD3084"="cmd /c del C:\WINDOWS\system32\gtnpxeio.dll_old" [ ]
"SpybotDeletingB8400"="command /c del C:\WINDOWS\system32\pnhplaek.dll_old" [ ]
"SpybotDeletingD2041"="cmd /c del C:\WINDOWS\system32\pnhplaek.dll_old" [ ]
"SpybotDeletingB8811"="command /c del C:\WINDOWS\system32\qoMffETJ.dll_old" [ ]
"SpybotDeletingD3398"="cmd /c del C:\WINDOWS\system32\qoMffETJ.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 11:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 14:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 15:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 17:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 23:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 16:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 03:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 12:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe" [2005-11-02 21:01 50792]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 18:40 1110016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 17:07 49263]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 17:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 14:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 16:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 15:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 10:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 10:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 12:24 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 12:22 970752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 20:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"KTWCM_H1100"="C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe" [ ]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 11:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 15:25 937984]
"pajutolw"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\pajutolw.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA3218"="command /c del C:\WINDOWS\system32\efcCvUkJ.dll_old" [ ]
"SpybotDeletingC3313"="cmd /c del C:\WINDOWS\system32\efcCvUkJ.dll_old" [ ]
"SpybotDeletingA8071"="command /c del C:\WINDOWS\system32\gtnpxeio.dll_old" [ ]
"SpybotDeletingC361"="cmd /c del C:\WINDOWS\system32\gtnpxeio.dll_old" [ ]
"SpybotDeletingA3970"="command /c del C:\WINDOWS\system32\pnhplaek.dll_old" [ ]
"SpybotDeletingC5957"="cmd /c del C:\WINDOWS\system32\pnhplaek.dll_old" [ ]
"SpybotDeletingA5735"="command /c del C:\WINDOWS\system32\qoMffETJ.dll_old" [ ]
"SpybotDeletingC560"="cmd /c del C:\WINDOWS\system32\qoMffETJ.dll_old" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 18:56 53760 C:\WINDOWS\system32\narrator.exe]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 18:24 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 11:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 19:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 16:04:20 5787648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"qRiasATq1c"= C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 15:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 13:41]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 10:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 11:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 18:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 18:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 10:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 03:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 15:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 19:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 15:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 10:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 16:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 14:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 17:44]
S2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 16:32]
S2 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 14:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 17:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 23:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 15:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 15:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 18:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 17:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 17:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 12:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 15:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 02:36:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-09 2:46:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 08:46:18
Pre-Run: 5,541,900,288 bytes free
Post-Run: 7,081,164,800 bytes free
.
2008-04-07 20:08:01 --- E O F ---


###############################
###############################
#####CFlog_POST_CFScript.txt##########
###############################
###############################

ComboFix 08-04-13.1 - jedralla 2008-04-14 13:15:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768 [GMT -7:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jedralla\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
C:\Documents and Settings\All Users\Application Data\pajutolw.dll
C:\WINDOWS\system32\gbkxvjme.ini
C:\WINDOWS\system32\gbsnwvod.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\mjszurkz
C:\WINDOWS\system32\gbkxvjme.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\SUPERAntiSpyware.com
2008-04-13 12:05 . 2008-04-13 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 14:23 . 2008-04-12 14:23 <DIR> d-------- C:\Deckard
2008-04-09 22:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 22:22 . 2008-04-09 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-08 00:02 . 2008-04-08 10:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-07 23:12 . 2008-04-07 23:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 12:05 . 2008-04-13 14:56 0 --a------ C:\WINDOWS\TempFile
2008-04-07 10:56 . 2008-04-13 15:00 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 10:52 . 2008-04-12 14:16 2,184 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 03:45 . 2008-04-13 15:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-06 23:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-06 20:40 . 2008-04-06 20:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23 . 2007-08-27 14:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23 . 2005-11-21 12:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23 . 2005-11-21 12:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23 . 2005-11-21 12:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-03-24 03:25 . 2008-03-24 03:38 <DIR> d-------- C:\ADS2008
2008-03-21 20:02 . 2008-03-21 20:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17 . 2008-03-20 19:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 20:17 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-13 21:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-13 19:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 05:24 --------- d-----w C:\Program Files\Java
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 14:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 14:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 15:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 11:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 17:40 1110016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 13:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 14:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 09:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 09:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24 819200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 19:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 10:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-03 17:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 17:24 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 10:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 18:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 15:04:20 5787648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--------- 2005-11-02 20:01 50792 C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTWCM_H1100]
C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Agilent\\89600 VSA\\Vector\\VsaVector.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=

R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 14:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 12:41]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 15:32]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 09:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 10:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 17:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 17:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 09:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 14:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 09:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 15:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 16:44]
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 13:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 16:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 22:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 14:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 17:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 16:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 16:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 11:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 14:21]
S4 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 13:17:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-14 13:18:20
ComboFix-quarantined-files.txt 2008-04-14 20:18:02
ComboFix2.txt 2008-04-13 22:17:41
ComboFix3.txt 2008-04-10 06:15:10
ComboFix4.txt 2008-04-09 08:46:26
Pre-Run: 6,275,358,720 bytes free
Post-Run: 6,258,569,216 bytes free
.
2008-04-07 20:08:01 --- E O F ---


###############################
###############################
#######HJTlog_post_CFscripttxt#########
###############################
###############################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.NkoServer.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\MBDocker.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\Program Files\Nortel Networks\Extranet.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cos.agilent.com/autoproxy/autoproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com; localhost; 127.0.0.1; ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MBDocker.exe] C:\WINDOWS\system32\MBDocker.exe
O4 - HKLM\..\Run: [AgNotificationCenter] "C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart driveronly /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: POD.lnk = C:\Program Files\Omnipod\POD35\omnipod35.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {F9DED47C-5B9F-4119-BAAF-E772E1BB551E} (HyperSend Agent) - https://www.hypersend.com/img/0/setup/hsc_win.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = agilent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DBC3BF4-0839-4C2D-A4A4-31A9B3EF5515}: NameServer = 130.27.152.23,130.29.152.46
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = agilent.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Agilent IO Libraries Service (AgilentIOLibrariesService) - Agilent - c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
O23 - Service: Agilent Logic Analysis (agLogicSvc) - Agilent Technologies, Inc. - C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 16066 bytes

#8 steamwiz

Posted 15 April 2008 - 03:06 PM

Hi

Your ComboFix & HijackThis logs are now clean ...

From your DSS log :-

The malware file is definitely on a CD ...

D:\sal.xls.exe

C: is Fixed (NTFS) - 55.89 GiB total, 6.04 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)
Q: is Fixed (FAT32) - 465.65 GiB total, 160.44 GiB free.
Z: is Network (Unformatted)

As long as you don't enable autorun on your CD drive, then even inserting the infected CD will not be a problem. Autorun is run by the autorun.inf file, & the autorun.inf is often compromised by malware to run malware files ...

If you have the flashdrives plugged in when you run Combofix, it will check them for you ...

You can also run this :-

Flash_Disinfector tool by sUBs ...

http://www.techsupportforum.com/sectools/s...Disinfector.exe

Just download the exe file and double click on it to run it...then follow instructions

A box will pop up telling you to plug in your flash drive and click OK to start the disinfection ... by the way, if you try to cross the box off with the X in the corner ... it will run anyway ... after a few seconds a box will pop up saying "done"

RE: it does still seem to have single processes that take >300MB memory every once in a while. I don't think this ever happened before.

You'll have to give me more info on this ... I take it this is from task manager ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
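The autorun.inf mechanism described in the post above can be checked before a disc or flash drive is trusted. The following is an added example, not part of the original posts or of any tool named in the thread: it parses an autorun.inf and reports every command it would launch. The file contents are constructed; `sal.xls.exe` is the file name reported in the thread, and its presence in an autorun.inf is an assumption made for illustration.

```python
import re

# Keys in the [autorun] section whose value is a command Windows may launch.
COMMAND_KEYS = ("open", "shellexecute")
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".zip"}

# Constructed sample, not taken from the infected system in the thread.
SAMPLE_AUTORUN = """\
; constructed sample
[AutoRun]
icon=folder.ico
open=sal.xls.exe
shell\\open\\command=sal.xls.exe
shell\\explore\\command="tools\\viewer.exe" /safe
label=Backup
"""


def parse_autorun(text):
    """Return {section: {key: value}} with lower-cased section and key names.

    Lines that are not 'key=value' (comments, padding, junk) are skipped
    rather than treated as errors.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def command_target(value):
    """Extract the program path from a command value, dropping arguments.

    Unquoted paths are cut at the first whitespace, which is a simplification.
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def extensions(path):
    """Return every extension of the file name in order, lower-cased."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return ["." + part for part in name.split(".")[1:]]


def audit_autorun(text):
    """Return (key, target, reasons) for every launch command in [autorun]."""
    findings = []
    autorun = parse_autorun(text).get("autorun", {})
    for key, value in autorun.items():
        if key not in COMMAND_KEYS and not SHELL_VERB_RE.match(key):
            continue
        target = command_target(value)
        exts = extensions(target)
        reasons = []
        if exts and exts[-1] in EXECUTABLE_EXTS:
            reasons.append("launches executable")
            # A document extension followed by an executable one hides the
            # real file type when Explorer is set to hide known extensions.
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
                reasons.append("double extension")
        findings.append((key, target, reasons))
    return findings


if __name__ == "__main__":
    for key, target, reasons in audit_autorun(SAMPLE_AUTORUN):
        print(f"{key:<24} {target:<20} {', '.join(reasons) or 'review manually'}")
```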

#9 steamwiz

Posted 24 June 2008 - 03:33 PM

Due to lack of feedback, this thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam