Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix Log


  • This topic is locked This topic is locked
2 replies to this topic

#1 mercedes85219

mercedes85219

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:12 PM

Posted 11 November 2011 - 04:00 PM

Attached is the ComboFix log from my computer.
Do I need to take any further steps or am I good to go now?

Thanks!

Jeannie

ComboFix 11-11-11.04 - Owner 11/11/2011 10:08:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2275 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\ldr.ini
c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Start Menu\Programs\AV Security 2012
c:\documents and settings\Owner\WINDOWS
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\N.dll
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 06:24 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-10 22:35 . 2011-11-10 22:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-11-10 14:02 . 2011-11-10 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-10 14:02 . 2011-11-10 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-10 14:02 . 2011-11-10 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-10 14:02 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 13:57 . 2011-11-10 13:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-10 13:52 . 2011-11-10 13:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-10 10:27 . 2011-11-10 10:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-10 05:55 . 2011-11-10 05:55 -------- d-----w- c:\documents and settings\Owner\Application Data\W88ffRZ9hTXw
2011-11-10 05:55 . 2011-11-10 05:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TUUUVellIBzP0c1
2011-11-10 05:55 . 2011-11-10 05:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ndWWKK7fR
2011-10-16 19:59 . 2011-10-16 19:59 -------- d-----w- c:\documents and settings\Owner\.swt
2011-10-16 19:55 . 2011-10-16 19:55 -------- d-----w- c:\program files\Conduit
2011-10-16 19:55 . 2011-11-11 03:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 00:58 . 2011-05-21 22:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2007-05-25 16:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 00:57 . 2010-06-02 23:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 00:57 . 2010-06-02 23:26 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-07 00:57 . 2010-06-02 23:26 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 00:57 . 2010-06-02 23:26 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-26 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-6 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-07 00:57 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KMDPHFMG.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KMDPHFMG.lnk
backup=c:\windows\pss\KMDPHFMG.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
backup=c:\windows\pss\QuickBooks Web Connector.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-08-24 22:12 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 02:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2002-06-27 17:51 286720 ----a-w- c:\windows\system32\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]
2010-12-08 09:24 5247624 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2005-08-10 00:35 8597586 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-08-31 05:33 996616 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 08:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSBO Clean]
2006-06-12 21:50 851968 ----a-w- c:\program files\KONICA MINOLTA\PageScope Box Operator\PSBO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-08-13 03:49 405504 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-26 05:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 7.0\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 8.0\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBWebConnector\\QBWebConnector.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 10.0\\QBDBMgrN.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/2/2011 10:37 AM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/6/2009 3:22 PM 10384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:29 AM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/29/2011 12:05 AM 2152152]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 4:42 AM 64000]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/12/2010 5:51 PM 17149]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:29 AM 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/12/2011 9:58 PM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/12/2011 9:58 PM 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [7/7/2009 11:09 AM 166720]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~2\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S3 SQTECH913D;Photo Frame;c:\windows\system32\Drivers\Capt8080.sys --> c:\windows\system32\Drivers\Capt8080.sys [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [1/12/2010 5:51 PM 384608]
S4 Contcancpi;Contcancpi;c:\windows\system32\drivers\ati1xbxx.sys [7/14/2008 4:44 PM 29455]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 12:34 PM 91456]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB18 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\Ad-Aware Scan (Reg Maint).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-29 07:40]
.
2011-11-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-29 07:40]
.
2011-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 10:29]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 10:29]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{54200CE7-71CE-4EF1-A997-52DA679A4D9F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{AE8110CB-3F4F-4891-AA92-9857ECA7D055}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{313B1759-7788-4E32-AF56-37CE9A580EFD}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dlrtegw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://asp.liquio.com/Label2/Main/Main.jsp;jsessionid=xg8kgg4pc1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SansaDispatch - c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe????n???H???2???????????url?(???????j???X?c???????????????????????????????c???????????c??
.
scanning hidden files ...
.
.
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001640062B45703207.qss 177239 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001650062B15102FB6.qss 176465 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001660062AB4F02500.qss 174927 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001670062A73C026BC.qss 173884 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001680062A70102938.qss 173825 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001690062B0C702DA6.qss 176327 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016A0062A93D02B88.qss 174397 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016B006285DE02BF6.qss 165342 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016C00629206020AA.qss 168454 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001960062B28303E8B.qss 176771 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001970062845B04CBE.qss 164955 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019800623D3103C52.qss 146737 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000199006293CE05412.qss 168910 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019A00625D4104754.qss 154945 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019B00625FC401BBD.qss 155588 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019C006264F003E3D.qss 156912 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019D006265A603F46.qss 157094 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019E006284930307B.qss 165011 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000013C0062A11101B3F.qss 172305 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000013D00628B6004064.qss 166752 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000013E006282CC032A0.qss 164556 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000013F0062860A04275.qss 165386 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001400062950D02FF8.qss 169229 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001410062754B017D6.qss 161099 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000142006275CF01F70.qss 161231 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000014300627BBA04288.qss 162746 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000014400627DF90307D.qss 163321 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000018200627E6103D51.qss 163425 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000018300624FD60183F.qss 151510 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000018400628904019FB.qss 166148 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000018500628CEE0471C.qss 167150 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001860062790C01C38.qss 162060 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001870062AD1A0105A.qss 175386 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001880062B3FC04538.qss 177148 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000189006290900432D.qss 168080 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000018A0062904E02D94.qss 168014 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000009C006245B8016AD.qss 148920 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000009D006231F803314.qss 143864 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000009E00624A4B02B03.qss 150091 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000009F00626F80014D7.qss 159616 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000A0006271CE02BB0.qss 160206 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000A10062125D0230F.qss 135773 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000A20062460602501.qss 148998 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000A3006225E702109.qss 140775 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000A400624A4801432.qss 150088 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000178006262F202AFE.qss 156402 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017900628CF5024F4.qss 167157 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017A0062867103530.qss 165489 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017B0062AB720268A.qss 174962 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017C006290E7023D1.qss 168167 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017D006289BC02737.qss 166332 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017E00627C4D044AA.qss 162893 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017F00629E15040DE.qss 171541 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000180006282A102303.qss 164513 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002B80062519E02F72.qss 151966 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002B90062789802909.qss 161944 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BA0062635703096.qss 156503 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BB0062BF6302B0C.qss 180067 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BC0062BBC604F51.qss 179142 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BD00629B5B04F85.qss 170843 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BE00628C3802AF6.qss 166968 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002BF0062963B02BCE.qss 169531 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002C000628C2703013.qss 166951 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000218006235A002347.qss 144800 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002190062496F0282F.qss 149871 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021A006227C502900.qss 141253 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021B00623E4C023D0.qss 147020 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021C0061FDA20240D.qss 130466 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021D00623CC701C37.qss 146631 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021E00622B60029E1.qss 142176 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000021F0062490902F2B.qss 149769 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022000627F7802BEF.qss 163704 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029000625B120235F.qss 154386 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002910062714402416.qss 160068 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029200624E19022C8.qss 151065 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002930062511701F4C.qss 151831 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002940062298B02451.qss 141707 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029500629CCA01C4B.qss 171210 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002960062B294032FE.qss 176788 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002970062AE3F01D8F.qss 175679 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002980062B3010385E.qss 176897 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015A00629F5B0351C.qss 171867 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015B0062998003818.qss 170368 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015C00623784024B6.qss 145284 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015D006293600300E.qss 168800 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015E00627F5803425.qss 163672 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000015F0062557D024C8.qss 152957 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016000627DF40203B.qss 163316 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016100627DAF03242.qss 163247 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016200624B450244B.qss 150341 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002040062AB250359B.qss 174885 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002050062B28502E15.qss 176773 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002060062B5CE030C8.qss 177614 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002070062B9B503A7F.qss 178613 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000020800629F8A02CBF.qss 171914 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000209006273550273A.qss 160597 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000020A006278E0022D7.qss 162016 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000020B00627E9703544.qss 163479 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000020C006284B0036A2.qss 165040 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B40062A7DB03800.qss 174043 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B50062BA8403885.qss 178820 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B600629B6403D9C.qss 170852 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B7006288850393F.qss 166021 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B800627BCC03E45.qss 162764 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001B90062912B02DD7.qss 168235 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001BA0062B6F3020FF.qss 177907 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001BB0062AEFC02DC0.qss 175868 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001BC00626C7005C79.qss 158832 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001BE00629220038AD.qss 168480 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001BF006263DD03631.qss 156637 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C000624BBF018B8.qss 150463 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C1006249D703800.qss 149975 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C2006255E702603.qss 153063 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C3006237FC0270F.qss 145404 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C40062589502381.qss 153749 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C500626D5A03510.qss 159066 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001C60062939D032EB.qss 168861 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001DC0062B2FB0207C.qss 176891 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001DD0062C06103263.qss 180321 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001DE0062C0EA03DBE.qss 180458 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001DF0062BD150390D.qss 179477 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E00062AE5403A38.qss 175700 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E100629D9102B9D.qss 171409 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E200629E4701D99.qss 171591 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E30062AFBA01EC8.qss 176058 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E40062814D033BF.qss 164173 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002EA00625D62024B8.qss 154978 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002EB00626D9C01169.qss 159132 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002EC006265FB0230A.qss 157179 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002ED00626F62023E0.qss 159586 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002EE00627E1801EF6.qss 163352 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002EF0062A33601EFA.qss 172854 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F00062AE6602604.qss 175718 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F10062A515022CA.qss 173333 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F200627AF402F66.qss 162548 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F3006270D00397A.qss 159952 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F400623B5E02F49.qss 146270 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002F5006251720306E.qss 151922 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000CD0062840504F02.qss 164869 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001310062B90A03D11.qss 178442 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000019500628BB4024DB.qss 166836 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001F900626E4101A13.qss 159297 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000025D006299A004620.qss 170400 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FA00622CDA02AC2.qss 142554 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FB0062539A01B82.qss 152474 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FC00627A4F01BFC.qss 162383 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FD00624FD502ADD.qss 151509 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FE00624F2F01F0E.qss 151343 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001FF006246C800F10.qss 149192 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002000062743C01C8C.qss 160828 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002010062506001154.qss 151648 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002020062AE35022A2.qss 175669 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016E006273A702DA9.qss 160679 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000016F00627B5802F57.qss 162648 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001700062855A011DD.qss 165210 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017100627F0402D66.qss 163588 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017200626DFA02F1B.qss 159226 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017300627B2F02FFA.qss 162607 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000017400627F8E02A0D.qss 163726 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001750062737502D85.qss 160629 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000176006284ED00F3B.qss 165101 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E0000000100736727070CE.qss 223015 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E0000000200735533076CB.qss 218419 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E000000030020C58601BA8.qss 50566 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E000000030073275F03935.qss 206687 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E000000040020E52302EFC.qss 58659 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E00000004007384B305AEF.qss 230579 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E00000005007371B00599D.qss 225712 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E000000060073797F0564D.qss 227711 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E0000000700735CAC0618B.qss 220332 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\A39F776F57734579B34D2CDB11B9A58E00000008007376A502DF2.qss 226981 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002220062517F024EA.qss 151935 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022300623B1F01988.qss 146207 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002240062340D03636.qss 144397 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000225006251EE01D45.qss 152046 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000226006276CD03249.qss 161485 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022700622BFB02508.qss 142331 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022800625764014F4.qss 153444 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002290062264A022EE.qss 140874 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022A0062517103402.qss 151921 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024A0062824203E3B.qss 164418 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024B0062503004256.qss 151600 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024C006220EB02272.qss 139499 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024D00624731013FD.qss 149297 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024E006273CD026FD.qss 160717 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024F00620BE201F21.qss 134114 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002500061D53A01B67.qss 120122 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000025100621EC701B8D.qss 138951 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002520062184B019D6.qss 137291 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D200626FF8038D9.qss 159736 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D300626CDD0242D.qss 158941 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D4006245650362B.qss 148837 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D500623AF201B8F.qss 146162 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D60061F69601980.qss 128662 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D70062C491035D3.qss 181393 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D80062B6C803A15.qss 177864 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001D90062A7F4027C6.qss 174068 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001DA0062B99103453.qss 178577 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002D60062B26E03413.qss 176750 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002D70062B56702997.qss 177511 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002D80062B7AD02C5F.qss 178093 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002D90062BD1703475.qss 179479 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002DA0062B28002D6F.qss 176768 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002DB0062B19E03987.qss 176542 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002DC0062B25502819.qss 176725 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002DD0062AD4E02E28.qss 175438 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002DE0062B22C02ABA.qss 176684 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029A0062BE6B037A9.qss 179819 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029B0062BA0F03BF3.qss 178703 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029C0062A8BD025E5.qss 174269 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029D006296BA0299F.qss 169658 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029E0062BAF902110.qss 178937 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000029F0062B47A02CB7.qss 177274 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002A00062A72F02D11.qss 173871 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002A10062AD50026B3.qss 175440 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002A200628C7B0282C.qss 167035 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024000622B5802B77.qss 142168 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002410062448A0259B.qss 148618 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024200622936029C3.qss 141622 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000243006238AA01BFF.qss 145578 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000244006246BA01D6A.qss 149178 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024500623FDD0205F.qss 147421 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002460062327001D02.qss 143984 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000247006232F801C6C.qss 144120 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002480062437302813.qss 148339 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E60062982302310.qss 170019 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E70062744F039FB.qss 160847 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E80062536202877.qss 152418 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001E90062497C028E0.qss 149884 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001EA00625D920265A.qss 155026 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001EB0062929D01E52.qss 168605 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001EC0062AE430406E.qss 175683 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001ED0062B8FE030E2.qss 178430 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000001EE00625E4402F5E.qss 155204 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002030062ACC102C9D.qss 175297 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000020D006286F804194.qss 165624 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000217006232B203F8C.qss 144050 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022100624B7502FE4.qss 150389 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000022B00622D1603367.qss 142614 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002350062548A00FE5.qss 152714 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023F0062743D04203.qss 160829 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000024900622EE20406D.qss 143074 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000025300621E5A01828.qss 138842 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000D80062270602992.qss 141062 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000D9006288FB024AA.qss 166139 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DA00626F3002EF5.qss 159536 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DB00628D7C036DF.qss 167292 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DC0062A1CE050D8.qss 172494 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DD0062A9B304576.qss 174515 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DE00629E0903D33.qss 171529 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000DF00628D9A03211.qss 167322 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000000E000624CD902573.qss 150745 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023600625F8E03B43.qss 155534 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002370062425903B53.qss 148057 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000238006227BF02605.qss 141247 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000239006205D002015.qss 132560 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023A00623AF701ADE.qss 146167 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023B00621E9503051.qss 138901 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023C006277C101C4D.qss 161729 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023D00626F7902AE6.qss 159609 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000023E00628E66028C3.qss 167526 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000025E0062AAC104D02.qss 174785 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000025F006287320390B.qss 165682 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000260006275B10388F.qss 161201 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000261006265DA02E23.qss 157146 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026200628B7B04666.qss 166779 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026300626C9502F08.qss 158869 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000264006263ED0279E.qss 156653 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002650062B6C305FC9.qss 177859 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002660062A01206140.qss 172050 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026800629CC30600B.qss 171203 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E50200000269006265FA038FE.qss 157178 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026A0062A1FA01FEE.qss 172538 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026B0062ADF605849.qss 175606 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026C0062B43805785.qss 177208 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026D00628A2F02197.qss 166447 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026E00627B7B034D6.qss 162683 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E5020000026F0062527901992.qss 152185 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\72DD7792BD864398847F45FE0234E502000002700062548D02771.qss 152717 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\B643FAD10AF84F2FB68D8CE72F15B52E00000001007372A2058B4.qss 225954 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\B643FAD10AF84F2FB68D8CE72F15B52E0000000200737C1B0574F.qss 228379 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\B643FAD10AF84F2FB68D8CE72F15B52E0000000300735BAA03EE6.qss 220074 bytes
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\B643FAD10AF84F2FB68D8CE72F15B52E000000040073825B039B5.qss 229979 bytes
C:\Documents and S
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\00\10\138/?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG10\avgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-11 10:46:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 17:45
.
Pre-Run: 60,364,918,784 bytes free
Post-Run: 63,438,663,680 bytes free
.
- - End Of File - - CC3253A02DB867165970426A5F3EECDB

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 16 November 2011 - 04:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427449 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 21 November 2011 - 04:10 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users