
Hijackthislog


  • This topic is locked
25 replies to this topic

#1 bignight2

bignight2

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:01:44 AM

Posted 07 April 2007 - 11:16 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:54:11 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\PurgeIE\PurgPro_Service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\rsvp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://128.230.208.134/activex/AMC.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 3557 bytes



I believe the trojan is Trojan.Zlob....

Edited by bignight2, 07 April 2007 - 12:56 PM.




#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 07 April 2007 - 02:54 PM

Hello bignight2 and welcome to the BleepingComputer forums. My name is Charles and I will be helping you to clean up your computer today.
You are using TrendMicro's HijackThis which is still in the testing process at the moment, so there may be some problems with it. Therefore, please download version 1.99.1 of HijackThis from the following link:
HJT v1.99.1. Make sure that you delete any old copies of HijackThis that you have saved on your computer so that you don't use them in the future.

Using My Computer/Windows Explorer, navigate to where you have HJT saved.
Right-click on the hijackthis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Then please post back a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 bignight2


Posted 07 April 2007 - 03:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:23:40 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\PurgeIE\PurgPro_Service.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Steam\steam.exe
C:\WINDOWS\System32\rsvp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://128.230.208.134/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

OK, here it is.

#4 rookie147


Posted 07 April 2007 - 03:37 PM

You haven't renamed HijackThis yet ... :thumbsup:



#5 bignight2


Posted 07 April 2007 - 03:41 PM

lol, yeah, the other one is off the comp; this way I know what it is.

#6 rookie147


Posted 07 April 2007 - 04:22 PM

Well it is very important that we rename HijackThis because some malware targets files named hijackthis.exe. If we rename it, this will not work, and the malware will not show in your log, so we know what you have installed on your computer.
I chose fluffybunny.exe because it is something that you are not likely to "accidentally" remove because it has such a distinctive filename. Anyway, you will know what file it is because it will be in your HijackThis folder, but if you want to, you can choose another name to change it to. Maybe something like bignight2.exe.



#7 bignight2


Posted 07 April 2007 - 05:21 PM

OK, I changed it to bignight2.exe... do you need another log?

#8 bignight2


Posted 07 April 2007 - 08:23 PM

OK, seems as ya just wasting my time, and no, I'm not gonna name a file on my PC fluffbunny. I know it's Easter and all so I'll be nice; I'd like some real response soon, thanks guys.

#9 rookie147


Posted 08 April 2007 - 04:35 AM

I can guarantee I'm not wasting your time renaming the file, and I'm quite angered that you think I am. I'd also like to let you know that I live in the UK, so I'm in a completely different timezone to you. You posted at 21.26 and 02.23, when I was obviously not on the computer. We do this in our free time as a hobby, so we do not spend 24 hours a day on the PC.
Like I said, it is important to rename HijackThis. I chose fluffybunny because it is a distinctive name, something that you are unlikely to delete without knowing what it is. Many people like to rename the file to HJT.exe, but malware will in the future begin targeting this file name too, because it is so commonly used. Therefore it is best to name it something distinctive.
Post back a new log.



#10 bignight2


Posted 08 April 2007 - 07:02 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:18:01 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\PurgeIE\PurgPro_Service.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\bignight2.exe.exe

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://128.230.208.134/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

It still says hijack at the top; I changed the program name to bignight2 though. Is that still fine or was that name also meant to change?

Edited by bignight2, 08 April 2007 - 07:22 AM.


#11 rookie147


Posted 08 April 2007 - 10:44 AM

No, what you did is fine.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include both of the requested logs in your next reply.
Thanks,
Charles



#12 bignight2


Posted 08 April 2007 - 11:32 AM

SmitFraudFix v2.166

Scan done at 12:01:25.67, Thu 03/08/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\PurgeIE\PurgPro_Service.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Owner


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=" "


pe386-msguard-lzx32-huy32



DNS

Description: LAN-Express IL 802.11 USB 2.0 Adapter - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F8C5584-4B23-4C04-A999-BA857F92908E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F8C5584-4B23-4C04-A999-BA857F92908E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9F8C5584-4B23-4C04-A999-BA857F92908E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102


Scanning wininet.dll infection


End


"Owner" - 07-03-08 12:03:28 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Owner\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-02-08 to 2007-03-08 ))))))))))))))))))))))))))))))))))


2007-03-28 11:40 <DIR> d-------- C:\Program Files\Viewpoint
2007-03-28 11:40 <DIR> d-------- C:\Program Files\AWS
2007-03-28 11:40 <DIR> d-------- C:\Program Files\AIM
2007-03-28 11:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Aim
2007-03-28 11:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-21 22:07 <DIR> d-------- C:\Program Files\Hasbro Interactive
2007-03-18 00:00 <DIR> d-------- C:\Program Files\BearShare
2007-03-15 11:23 497,496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 11:19 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-03-14 08:12 <DIR> d-------- C:\MSN Emoticons
2007-03-14 08:12 <DIR> d-------- C:\MSN Display Pics
2007-03-08 12:01 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-08 12:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-08 01:36 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Corel
2007-03-08 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-03-08 01:29 88 -r-hs---- C:\WINDOWS\system32\75C4AB8863.sys
2007-03-08 01:29 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-02 22:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-03-02 22:31 <DIR> dr-h----- C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-02-28 23:18 181,491 --a------ C:\WINDOWS\MWO Alpha Uninstaller.exe
2007-02-21 22:38 <DIR> d-------- C:\Setups
2007-02-16 01:45 20 --a------ C:\sccfg.sys
2007-02-16 01:44 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2007-02-15 23:16 385,671 --a------ C:\WINDOWS\VTA Uninstaller.exe
2007-02-10 23:31 <DIR> d-------- C:\DOWNLOADS
2007-02-10 23:31 <DIR> d-------- C:\!Temp


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-07 09:34 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-28 18:06 2048 --a------ C:\WINDOWS\system32\tr_sttool.dat
2007-03-21 21:09 -------- d-------- C:\Program Files\pokerstars.test
2007-03-18 08:07 -------- d-------- C:\Program Files\mirc
2007-03-15 09:24 -------- d-------- C:\Program Files\msn messenger
2007-03-15 09:24 -------- d-------- C:\Program Files\messenger
2007-03-08 11:52 -------- d-------- C:\Program Files\pokerstars
2007-03-08 08:25 -------- d-------- C:\Program Files\steam
2007-02-28 23:18 -------- d-------- C:\Program Files\mwo alpha
2007-02-06 22:08 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\utorrent
2007-02-04 13:05 -------- d-------- C:\Program Files\bulent's screen recorder
2007-01-31 22:14 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\divx
2007-01-30 01:08 -------- d-------- C:\Program Files\divx
2007-01-25 20:19 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-01-25 20:19 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-25 20:19 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-25 20:19 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-25 20:19 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-25 20:19 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-25 20:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-25 20:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-25 20:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-25 20:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-25 20:13 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-25 20:13 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-25 20:13 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-25 20:13 738906 --a------ C:\WINDOWS\system32\divx.dll
2007-01-25 20:13 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-25 20:13 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-01-25 20:13 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-25 20:13 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-01-25 20:13 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-25 20:13 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-25 20:13 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-25 20:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 15:57 -------- d-------- C:\Program Files\srslabs
2007-01-15 15:57 -------- d-------- C:\Program Files\Common Files\srs
2007-01-15 11:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 11:26 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-15 11:25 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-15 11:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-13 23:44 -------- d--h----- C:\Program Files\installshield installation information
2007-01-13 15:44 4096 --a------ C:\WINDOWS\d3dx.dat
2007-01-12 15:29 1368 --a------ C:\Program Files\mastertickerlist.txt
2007-01-12 15:29 1368 --a------ C:\Program Files\mastertickerlist.test
2007-01-12 15:28 8 --a------ C:\WINDOWS\modemx.dll
2007-01-12 15:28 1577 --a------ C:\WINDOWS\wsys049.sys
2007-01-12 15:16 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\awesem
2007-01-12 14:30 -------- d-------- C:\Program Files\windows media connect 2
2007-01-09 23:41 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\apple computer
2007-01-08 23:42 1095 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-01-08 19:23 -------- d-------- C:\Program Files\xvid
2007-01-03 14:17 306880 --a------ C:\WINDOWS\blow3.scr
2007-01-03 14:17 30208 --a------ C:\WINDOWS\mickey32.dll
2007-01-03 14:17 1088067 --a------ C:\WINDOWS\blow3.exe
2006-12-15 19:03 73216 --a------ C:\WINDOWS\st6unst.exe
2006-12-15 19:03 286720 --------- C:\WINDOWS\setup1.exe
2006-12-14 20:59 4 --a------ C:\WINDOWS\info147.sys
2006-12-12 11:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 11:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-08 04:57 77312 --a------ C:\WINDOWS\system32\twain_32.dll
2006-12-08 04:57 69632 --a------ C:\WINDOWS\system32\twunk_32.exe
2006-12-08 04:57 48560 --a------ C:\WINDOWS\system32\twunk_16.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\program files\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DriveConfiguration"=hex:[binary value data removed]
6a,83,bf,22,a4,52,1c,ed,e0,05,06,66,11,d9,97,cd,cd,19,bb,f0,f3,37,f0,e6,91,\
1b,4b,00,05,bb,bc,fd,62,ec,92,7d,14,78,42,b8,c8,70,64,70,86,c4,fe,24,20,10,\
05,87,d0,b9,21,30,1d,39,b1,93,fe,b7,0f,30,42,db,15,0a,2f,e0,e0,ba,5b,6a,eb,\
d3,86,16,9b,df,4d,40,e1,02,44,7b,12,0e,86,c7,3a,ac,a6,b8,b3,a0,e9,d4,f7,4f,\
b2,3c,b3,7e,3d,8e,1c,5c,90,0b,86,c3,af,f5,33,bb,10,3b,69,40,4e,58,c7,44,21,\
79,d8,f8,8e,de,e9,48,5b,82,18,a4,c6,fe,ae,06,76,ab,af,31,b2,07,ae,36,e8,d1,\
5a,e6,3d,f2,99,87,82,ed,8a,4e,9e,88,29,58,08,ef,4a,38,db,5e,81,47,da,21,3f,\
3b,b1,be,3d,fc,7d,71,1e,b2,8f,d8,4f,23,6d,f0,33,3c,1a,40,7d,ed,98,54,dc,3a,\
aa,6d,de,90,de,77,0e,55,cb,3b,60,c2,98,d6,d0,f5,bd,6a,45,42,0e,13,bb,cb,f5,\
d7,1d,a1,50,ff,74,80,48,9a,5b,de,30,1c,61,62,23,08,91,38,ab,8d,ea,b7,d6,50,\
0e,42,8d,6b,3e,6c,22,b6,86,5f,28,45,35,7e,87,32,90,49,cf,9c,c8,81,cd,ef,29,\
8d,5c,66,93,1d,7e,cf,2e,0d,ac,8e,5a,8c,6a,e5,e5,7d,1d,73,81,1d,21,fa,75,e7,\
17,65,95,92,b4,7c,09,69,27,80,2b,bb,48,15,c2,31,6f,46,7f,4d,64,ca,0b,a1,c4,\
d9,8f,3f,a7,3e,7a,70,7f,ae,7e,a9,43,58,dc,ba,ce,bd,e2,49,81,c2,b2,7f,30,03,\
44,01,3c,6b,af,22,fc,01,a4,56,62,05,3b,ea,db,3c,f2,f3,76,88,f2,85,49,bb,95,\
25,10,ad,26,b6,80,18,8c,e7,5c,5c,74,59,d0,ed,40,b7,b0,97,9f,c4,4c,c1,6a,c6,\
5a,95,35,d3,30,61,23,4b,36,3d,ff,a6,9c,ee,89,70,48,0b,0e,91,13,5e,3c,d2,34,\
8d,33,9d,fc,fa,df,04,c4,e7,86,05,24,de,9d,0d,66,50,e0,ba,3b,7c,a1,e5,ac,92,\
61,e0,53,19,9d,fc,ec,ca,8e,ea,4f,64,4e,44,b4,1b,b5,a4,12,ca,88,d0,e2,9c,90,\
77,eb,c5,88,7d,50,70,39,94,cd,f8,e4,0c,3e,5a,e0,ec,61,eb,84,41,dc,46,47,b6,\
82,89,26,65,d2,c1,47,ed,c0,a2,db,c5,b8,7b,48,cf,e1,6a,88,31,9f,cc,cc,60,5b,\
f8,66,7d,86,2d,e5,e5,db,b3,c8,82,04,e5,bb,bb,69,c2,3a,3d,20,26,b7,07,3c,a2,\
11,cd,b3,27,09,9a,6f,c6,f5,ba,a1,b9,b8,d7,59,a7,f1,62,53,24,73,34,14,77,f5,\
76,36,a1,0b,be,01,9a,55,7a,3a,de,f7,92,40,28,49,49,54,7e,cf,64,39,6d,6b,8f,\
fd,96,d1,fc,16,69,3c,4d,b0,31,d1,5f,b4,46,51,9f,59,70,cd,7f,fc,fc,0c,5c,db,\
3f,dc,5a,d6,ad,b6,9e,d1,a8,43,be,5a,96,20,75,8b,36,de,9c,32,34,4e,55,30,fb,\
fb,89,1f,ca,f7,96,38,0a,db,41,73,df,09,f2,ef,fd,34,20,95,bc,23,0a,f8,6f,b1,\
a8,80,f2,19,e1,c8,83,70,fe,44,d3,73,a1,5f,27,5c,83,6c,84,f4,ee,cf,b3,a3,70,\
e0,f6,b2,fa,61,5c,04,b1,6c,e6,a9,3a,a9,e9,b1,35,c4,b3,3e,07,1f,71,dd,dd,c4,\
50,17,ed,9d,e3,42,ff,e7,c5,9d,2d,e4,7f,9d,e7,d0,ac,81,39,17,5a,2c,51,c5,b4,\
34,3c,3e,de,37,f0,2f,21,6e,8f,c4,48,84,ea,9a,1c,4a,a8,44,f9,29,e0,59,bd,19,\
a1,9f,92,e5,9d,cc,e8,8f,dd,98,24,36,0f,c4,96,3d,21,5b,ac,aa,0f,38,66,cc,f9,\
c8,0a,21,78,11,19,76,32,f4,81,50,ac,af,14,8b,60,a5,39,41,10,62,e2,ed,59,da,\
be,d1,8b,f1,af,95,b8,41,7e,30,0b,17,cd,0b,5b,be,a7,4e,64,00,01,33,f1,e6,eb,\
e6,c7,df,d1,f9,79,3e,92,60,84,a1,1e,de,eb,0e,35,bd,1e,42,71,c2,20,45,87,60,\
e9,42,ca,2c,09,96,f1,91,8f,27,19,c5,29,f7,0d,fb,8d,f8,c6,db,17,23,2e,2f,b3,\
c4,29,df,fd,18,d6,1f,a7,19,12,e7,1b,99,3f,a3,62,8e,43,9c,2c,45,ad,d3,f8,b2,\
3a,f1,8d,60,1e,b3,3c,b6,3a,47,0b,ea,fb,34,f3,66,2e,e2,4c,6f,16,5d,85,08,bc,\
56,18,14,87,6a,bd,bc,0c,a7,de,10,27,4d,4c,f1,4b,d1,30,2e,16,28,44,ed,29,41,\
43,4d,36,d4,9d,49,5a,5a,70,df,ae,5c,b4,72,18,f1,b5,6e,68,82,b2,c7,2a,a0,d1,\
35,12,92,3a,7a,05,b1,38,b4,fc,21,2a,55,ed,10,58,1c,ee,49,31,43,9e,06,d6,fa,\
c1,06,dd,15,2a,e0,4e,02,de,97,f2,fd,76,6e,ce,87,c5,fe,ea,14,bb,85,56,04,89,\
81,6f,d4,06,7e,5f,96,52,2c,e3,9e,b9,b4,51,7f,da,4c,d9,35,08,09,0b,aa,a4,f0,\
f5,99,41,7c,62,5f,10,f8,7e,a0,ce,73,27,93,6f,69,00,1e,cb,9e,c4,e1,94,4d,da,\
76,8b,82,2a,f7,f3,c5,30,c1,46,f8,4e,78,28,82,67,4b,99,ae,a9,7a,6e,4d,aa,15,\
02,a3,b7,06,29,81,68,51,65,ae,78,9b,5d,8b,d4,e9,8a,f7,f2,ab,34,71,64,f9,fa,\
9d,7c,ad,1c,7b,48,53,50,ac,8e,35,c8,26,bc,1f,f3,2d,52,9c,fe,c8,8c,0c,9a,75,\
41,f6,ff,1c,0b,9f,31,42,a8,db,82,7f,a0,23,58,32,28,e8,30,73,47,27,e3,49,37,\
3e,28,1d,0e,fd,5b,6f,9d,01,7d,c8,99,3d,7b,f0,f8,da,b3,60,9e,41,b4,fa,39,76,\
45,e2,f8,6a,a7,a9,23,25,04,22,45,5a,d2,b4,e0,d5,bb,2b,20,62,69,5f,0f,36,53,\
b7,08,8a,d6,ec,6e,89,87,10,9d,6c,c8,ce,21,e4,99,f3,26,b8,b1,2d,30,af,cd,13,\
0d,b0,49,66,07,28,ed,97,5d,ac,09,89,f5,df,c4,97,4b,97,b1,d9,ad,3b,a3,a3,aa,\
6f,c3,4f,a6,c8,f4,df,3d,75,c9,05,17,40,97,51,5a,49,4b,03,12,f6,05,d4,e4,e8,\
31,8a,52,2e,f3,cb,3b,b8,c9,2f,a1,0e,6c,98,af,41,f6,c6,fb,22,4a,26,08,b3,b1,\
eb,0f,db,c1,60,ff,5e,83,7d,c2,0b,d4,b8,c2,37,0c,1d,ac,6b,de,a1,73,5a,7f,b4,\
98,16,0b,15,aa,eb,83,24,ea,08,0b,dc,10,ee,93,d5,b0,b0,ae,a6,13,40,11,81,b7,\
f6,47,13,a2,91,a6,ac,f6,79,82,a0,c6,46,a0,ed,28,86,ee,1e,8b,bb,71,6f,4b,a4,\
7e,31,83,be,2d,70,22,09,0b,d4,42,0f,0f,c5,b5,23,d0,d2,e0,e7,f4,54,cc,10,ec,\
4e,7a,6e,de,98,77,26,a3,e3,3d,b1,42,73,21,89,6d,1d,e7,29,f7,7c,11,18,20,66,\
69,0b,92,66,a0,ff,2f,6d,36,84,0d,c4,99,5c,bf,45,91,44,d7,cb,db,12,a8,e7,14,\
00,51,d5,d9,48,f6,ae,2d,f1,51,de,1b,e8,6a,d9,9c,52,a2,0a,ba,21,f6,0c,f6,e5,\
82,1d,e8,e5,44,d0,25,6f,23,7c,01,65,6c,30,0e,e6,37,2b,44,0b,b0,49,98,49,8b,\
34,98,43,ee,54,a1,34,3c,4d,51,8e,2b,c9,3f,e0,1d,77,ea,fd,ad,53,f0,5b,88,29,\
81,b9,7e,54,12,05,d8,cc,56,7c,ed,60,6a,13,f0,3f,4f,16,0c,bd,9e,0f,b3,54,77,\
e9,33,e9,bb,55,8a,51,7b,6d,7b,14,ff,b0,97,e1,71,2c,ad,44,a2,d0,5b,aa,60,00,\
c8,af,aa,54,78,d8,c3,90,70,25,7a,d7,9c,e5,ad,1b,6f,ce,10,d8,c9,4d,2b,02,1d,\
1b,a2,3b,d3,11,b9,4a,eb,3d,17,c9,e4,35,ca,1d,dc,ab,8c,ab,f8,42,45,49,06,a0,\
d0,f3,61,c5,02,c0,15,9b,e9,14,44,ce,51,d4,16,c9,dd,8d,65,1a,72,74,06,73,ee,\
a9,a1,31,49,1f,ee,7b,19,dd,6a,28,f0,ff,4e,dd,eb,fe,c1,76,88,31,4d,a8,b8,93,\
90,e4,36,c6,34,7e,16,58,20,0e,a1,45,f0,16,60,be,a3,e6,77,29,94,bd,34,69,ac,\
31,e8,5f,d5,d1,f6,b1,b2,08,29,ca,8d,44,4b,22,b6,91,58,f3,bf,39,1f,9e,fb,08,\
63,01,89,7b,fd,9e,b3,3b,3d,96,e5,98,8c,be,6f,33,4f,f4,87,fa,0f,b4,8d,5a,d7,\
e6,93,af,de,fa,1d,00,66,37,25,e9,e4,50,63,d8,61,39,cb,7c,20,38,56,7b,81,3f,\
05,64,25,79,23,e4,53,23,cb,3c,9b,9d,ab,f2,b9,c1,07,d9,c7,bb,73,01,ea,66,79,\
17,6b,d7,8d,ed,f2,66,b1,4d,b1,cf,c3,6c,97,94,51,6f,c7,9d,ae,2d,48,22,46,37,\
fe,ca,2e,15,d9,15,ff,d3,4c,f7,e5,bc,01,c5,f3,66,cb,55,ba,ef,db,61,19,85,38,\
2d,56,2c,69,6a,6e,bb,74,59,aa,28,0d,34,73,06,07,c9,67,4c,d9,0e,68,ac,58,98,\
ff,85,34,19,84,23,17,76,93,bd,2f,bd,59,e3,9d,13,b0,0f,c1,ed,8b,7d,b9,84,95,\
3c,24,82,15,85,2c,02,15,4c,c3,b7,c3,16,2c,6b,17,0a,be,ac,b6,4a,e5,c2,17,84,\
69,e3,e4,c3,f3,aa,a3,8c,cd,c6,95,26,e9,ef,de,39,25,1f,e7,9a,cd,a0,fe,01,66,\
61,9e,4b,4e,99,68,d5,31,a7,57,05,f0,bc,63,3a,7e,cd,41,b0,36,97,49,a3,72,e1,\
b7,b8,59,01,17,98,f8,a1,fb,de,94,c3,ef,33,3f,03,af,b7,aa,1c,97,a3,3a,ae,5a,\
2d,5e,3f,f7,ac,1f,7f,e9,fd,f8,d0,9e,25,e9,05,2b,38,c7,6a,3e,79,d6,05,fd,54,\
c2,99,1c,2c,27,e9,f7,7b,d6,45,e7,e1,41,69,87,1c,80,22,42,7b,f0,60,16,96,21,\
8d,97,3d,ef,1d,36,ae,ee,67,c3,0b,0c,b3,31,0b,71,94,9a,ef,aa,78,82,b8,07,7d,\
60,97,41,86,5a,a5,60,8e,51,d4,dc,3d,1d,25,03,b9,1a,1c,9a,bf,e3,71,c7,f2,5d,\
a6,09,2e,73,f8,24,5b,b1,31,d8,60,83,5b,be,bf,74,a0,eb,8a,5d,43,22,c8,3a,27,\
47,1b,36,95,17,a0,08,3a,17,17,82,6f,ca,44,67,bd,27,94,7e,a1,4a,04,e4,8c,6a,\
3f,a6,2e,0b,06,8f,f4,75,d5,3f,d0,64,c4,7d,38,01,ab,ce,71,11,89,47,0d,6d,27,\
9f,b2,c5,b2,f8,88,1e,39,44,40,68,4a,85,63,89,8c,11,03,1a,c0,fa,fa,5f,af,33,\
7f,85,61,f4,f8,28,90,5f,0f,18,5c,63,08,5d,40,e1,52,79,45,0d,5c,ec,76,17,a9,\
fe,93,0b,27,b8,0a,f6,bd,34,22,4b,23,16,7a,85,f6,5b,b2,0d,0c,52,68,5d,04,e7,\
66,66,22,27,d7,19,2f,5a,01,45,c0,ab,4a,f8,3e,af,04,bc,57,6f,e0,11,e0,7b,01,\
1b,bd,3b,03,97,02,80,3c,13,57,5e,42,5f,a1,3e,ad,3f,df,2f,1e,62,51,7d,7f,98,\
e0,85,8d,3f,ba,c7,94,fe,3d,3d,7a,b6,16,eb,ff,b6,aa,b8,43,2f,b4,7c,89,e7,30,\
5a,3a,31,78,50,2d,d8,1c,ae,0c,25,eb,59,02,9c,c5,53,bb,bf,ae,e2,70,b9,b6,25,\
d7,34,70,b2,3d,1d,a6,7d,d5,a8,4b,fb,50,95,b1,88,ad,b1,fc,06,53,9f,d7,c8,5d,\
d8,65,ae,35,f1,7b,91,64,1c,0c,e1,a8,f2,e5,8c,47,70,9a,22,a4,3f,c0,37,10,38,\
5c,09,e2,27,9c,63,ca,cf,a7,c5,c2,62,2f,6d,b5,06,04,ea,8a,e6,8f,0a,26,59,98,\
04,35,74,b3,af,84,dc,c2,f2,aa,d8,bb,7c,ee,ab,ac,b5,65,20,fc,f4,5b,66,f3,f2,\
f4,1e,7c,7e,13,b3,2a,73,7b,ea,7a,e8,34,ba,58,a6,31,5d,e4,df,2f,a7,75,1c,e0,\
97,de,78,49,2b,f1,0c,69,79,42,d0,aa,1b,fc,2d,ce,3d,2c,1b,d1,12,51,00,60,e5,\
98,28,2d,f0,67,34,e4,7b,ee,5f,61,48,fe,07,20,2f,1f,68,f5,06,dd,aa,fd,c3,62,\
1e,d4,e5,4a,c4,08,10,b2,12,ce,f7,92,f0,f4,7e,4d,07,17,20,87,3b,16,8f,37,76,\
c6,9b,fd,a8,e8,55,b5,0c,58,74,4c,ac,b5,86,f8,d2,27,2a,0c,d1,b2,34,31,de,5d,\
02,99,6d,97,d6,d1,e9,f5,87,a3,05,2f,77,3b,4c,6b,c4,88,00,bf,c3,e5,21,f1,aa,\
f9,cc,81,8c,dc,c6,e9,8b,7b,59,23,48,3d,5f,6c,9f,e7,9c,48,92,bc,51,c6,82,e9,\
0d,05,a5,21,c7,f7,b4,85,2a,65,e4,c6,30,33,9d,18,8d,f2,e6,55,1b,be,63,76,2c,\
6b,f9,21,22,e9,a2,f9,5f,1c,86,15,f3,eb,c1,b1,77,94,66,24,38,42,c4,12,98,e1,\
e8,e3,b2,31,62,74,3d,19,4c,0c,b3,3e,89,91,b2,d5,4b,fc,a2,b5,d8,0a,98,b1,8d,\
34,7a,24,23,e2,64,cd,31,dc,4b,de,f2,01,e1,4f,49,e2,3b,b8,78,02,b2,a9,df,5b,\
40,77,4f,c3,25,b0,2a,e1,fd,d4,ff,d8,ee,b9,5f,ca,26,2e,ed,9a,85,df,b5,f7,96,\
78,bf,96,c4,0e,e3,be,cb,ba,de,0a,6c,87,a6,6a,65,8e,fb,6c,a0,5f,3f,ba,ab,a3,\
87,e3,68,00,f2,5e,06,3d,39,cb,2f,a7,88,7d,83,b3,8d,36,b3,46,e4,ce,31,55,ef,\
3f,66,5f,1d,14,09,51,f2,d4,54,12,0c,af,86,71,4d,11,2c,5b,3d,77,9f,52,a9,81,\
ce,1a,90,49,3d,b6,40,f4,4e,92,bd,86,bf,02,62,fb,75,eb,cb,93,78,c0,f1,6d,3e,\
b1,97,57,2c,1f,e6,e5,5a,52,54,c0,97,6e,ca,41,ad,a3,05,3f,e5,cf,a5,3c,25,ce,\
5c,04,47,3b,dc,71,76,8b,97,7f,d1,2d,d1,b0,df,62,55,f6,db,45,67,d2,4f,09,f9,\
be,e4,83,21,c9,79,e8,cb,81,72,d7,ab,15,53,9a,76,bb,8d,a9,52,50,97,6f,8b,3e,\
41,51,87,a3,46,ed,fc,b0,20,9f,60,4e,20,4a,a2,08,bd,55,17,25,2c,f3,97,b7,14,\
32,a8,89,0e,37,08,5c,f6,9b,c2,b8,84,4d,de,14,a2,99,43,49,16,41,7c,47,62,d0,\
bc,07,e8,2b,1f,c0,52,69,32,5e,31,e4,b6,30,e4,90,a1,e1,bc,8c,66,a9,5d,f7,76,\
c4,68,05,07,24,57,52,14,63,a7,76,a5,fb,3d,d9,50,b9,03,c8,00,6f,d2,c9,f5,c4,\
e9,94,2c,0c,23,aa,e3,41,b9,8b,93,72,9f,ae,eb,65,12,aa,35,0d,cf,9c,2b,09,82,\
ca,0b,6e,81,86,ee,c6,ba,54,55,58,ea,4f,05,aa,10,c8,15,45,22,31,45,b8,fe,39,\
91,e0,a3,39,06,66,a1,cf,d5,88,ce,c8,a6,1d,3b,44,2e,d3,67,14,04,bc,b2,67,b0,\
09,ef,14,a6,05,14,0e,9c,b1,a4,e1,da,13,6d,ff,5a,4c,d7,bf,62,99,01,54,ab,e0,\
04,00,c3,88,7c,85,b0,8e,45,dc,d6,d6,82,2a,1a,bf,e4,f0,48,f9,28,82,b2,9b,e2,\
ba,1a,70,7a,ed,d3,92,74,1e,22,3b,f4,72,ea,d7,81,e4,89,5e,09,3a,fd,e0,25,38,\
4b,61,9f,dd,13,21,e8,31,28,ba,d3,90,ee,02,6d,a9,2a,fb,c3,2b,62,5f,b3,45,93,\
86,45,b1,26,8b,3e,f1,21,aa,f3,d9,9b,ed,5c,4d,72,08,69,4c,40,81,99,2d,8a,14,\
c8,29,3b,55,48,1a,51,97,34,82,d7,0d,01,cf,13,2f,56,de,00,5f,1e,bd,fe,cd,db,\
b5,c9,98,3d,88,f3,a8,35,f3,f7,e6,15,c1,87,86,82,d3,85,33,ca,51,48,76,a0,33,\
b6,2c,bf,57,09,36,d0,d0,d3,72,8e,81,40,ea,28,eb,9c,4c,e7,44,15,9a,10,c9,c1,\
23,0c,54,e3,b2,c6,31,6a,05,55,2e,ba,81,db,f1,af,23,ad,8f,df,ba,b4,59,20,54,\
12,f9,4a,f6,09,bf,3e,e3,90,19,35,28,2f,69,f9,00,75,68,cc,57,46,b4,e6,50,c5,\
3b,8c,ed,7f,a0,e5,8c,e5,e0,0a,b1,00,35,5c,05,60,3b,1a,9f,56,51,32,83,62,42,\
58,68,ef,24,56,bf,3e,81,a3,f0,a1,b5,36,e7,e9,97,9c,cf,21,5c,49,1d,7d,b7,2c,\
d1,8d,45,85,f8,b6,29,fb,76,ba,e3,f3,e9,02,78,c7,fa,72,87,bb,f5,39,47,80,da,\
2e,c2,45,2d,8e,cd,d8,92,45,3d,0f,9a,69,58,66,dd,08,8a,e9,49,23,59,55,b9,fa,\
9b,7a,c9,8a,e7,e3,e9,55,49,b9,b1,61,3a,e5,74,83,cf,75,18,dd,30,41,25,a6,4c,\
ce,1b,29,cb,72,09,11,44,b9,5b,e3,e9,b1,08,f4,cc,20,80,7d,9d,aa,25,fc,14,a9,\
40,a8,5d,26,01,fb,d8,91,69,0a,1d,b5,67,12,3d,ea,42,53,4b,8d,36,21,1c,ad,62,\
38,4a,07,e1,50,7f,35,38,f1,f0,22,f0,89,27,c1,83,bb,06,ff,7d,fb,09,f5,db,58,\
cb,63,b7,98,cc,5a,27,8a,71,38,62,98,4c,f5,d9,24,9c,9e,0c,54,f4,1a,44,e4,d9,\
ec,90,f9,ec,fa,ce,4d,12,6a,1b,d1,82,64,8d,96,1c,19,25,ed,fd,04,ff,cd,50,6f,\
cc,76,67,3a,82,54,0a,d8,52,26,0f,9a,db,5f,2a,30,9d,cd,07,6c,b0,78,96,4a,b6,\
cd,a6,2e,0e,fc,b6,6c,4a,9e,08,0d,e4,9b,f6,d0,bb,2c,4b,89,70,85,db,48,25,d1,\
f3,4e,6d,2a,95,a0,0c,d3,48,bd,52,6e,77,76,9c,6f,14,ff,1d,d0,80,47,df,06,af,\
85,04,35,87,13,52,a0,8a,80,ef,63,b5,e0,68,64,a8,67,f8,87,06,37,08,21,1f,75,\
f2,af,cd,a2,0a,c9,9b,29,df,51,2d,34,be,f0,dc,c4,78,f7,c3,a0,01,65,51,33,ce,\
a9,c1,73,a1,b6,49,08,92,12,ea,48,b1,5b,5b,57,9d,88,42,93,53,71,aa,2f,43,92,\
b2,1d,a9,0c,82,32,1a,ec,84,85,5d,b0,d0,18,7d,07,e7,ba,1c,d9,a5,2b,0a,87,71,\
82,16,74,b7,cc,25,c4,98,f6,81,64,e0,ec,73,4a,38,03,13,fe,f5,9c,94,5f,59,10,\
ea,8b,8c,8f,5f,98,65,45,c1,28,ce,fd,fb,91,96,dd,f1,30,75,51,ab,ff,4a,45,b6,\
6a,a6,97,c7,5f,8e,cc,a2,a5,7d,02,3a,6e,a9,25,1a,2f,87,66,03,af,91,e9,d7,5e,\
47,be,b5,e9,74,13,66,0b,b2,a8,f8,a6,30,82,a8,12,b3,e4,05,b5,db,c2,7b,53,d4,\
a8,d9,2e,a8,3c,24,6f,b5,e3,10,54,57,50,0a,da,9e,29,b6,6e,5b,c7,9c,c5,7b,36,\
1e,09,94,84,ae,35,be,38,3e,c2,a4,20,f7,83,da,50,2d,cd,72,67,93,dc,ca,14,ab,\
72,a7,d9,81,c1,88,0f,99,8b,34,2b,26,88,96,3f,7c,08,ca,c3,c8,d9,78,96,a6,ff,\
6b,61,40,14,32,37,7a,6e,4c,b2,f0,99,64,e0,45,3c,d6,bc,58,4b,14,03,c6,7d,48,\
43,af,01,3b,35,be,6c,75,4c,63,f6,a5,8e,63,e7,44,a3,93,4c,76,2c,e0,ee,31,55,\
93,85,a0,ae,d3,28,ca,36,6c,08,6f,b9,ce,5e,32,5d,59,a2,fd,77,d8,fe,a2,a3,4b,\
ad,02,be,13,e9,99,e3,27,65,3c,f6,3e,71,65,d5,cc,80,47,3d,ad,d1,bc,eb,ba,a9,\
7f,02,99,df,9b,ad,d9,9e,23,05,3e,67,24,35,59,55,d8,dc,5c,a5,1c,b2,2d,75,24,\
6f,b9,cc,6e,e9,8b,db,f4,7c,9d,83,a6,ae,6e,16,17,13,54,62,77,6f,14,ec,c1,1b,\
b0,79,93,35,aa,80,d3,09,cb,84,c9,5c,71,f9,78,6b,32,2a,c9,07,ed,89,3b,46,b0,\
fe,e3,7a,d9,7f,b0,5f,7b,e1,f4,98,03,ee,20,5d,1b,b7,cf,6e,ce,2b,07,4b,ed,e9,\
bb,a6,b2,53,94,19,a4,e4,f0,15,ba,c3,2b,1a,c3,98,1e,2e,05,9e,e6,88,25,f9,e7,\
8c,46,4b,10,cd,fc,75,82,60,6c,45,f3,a9,f6,b6,ad,94,30,5c,07,e5,5b,bd,7c,00,\
dd,fa,b9,ac,f1,b2,f3,18,9e,23,7e,1b,e5,92,9c,c0,3f,ed,92,02,47,b0,02,d4,b3,\
05,74,65,88,2f,36,a1,8e,28,66,fb,02,89,4d,6a,8c,ab,ee,b1,70,0c,df,e4,08,f4,\
58,28,72,58,8a,ba,9d,86,fe,32,33,0b,e2,6d,0a,2a,d8,ce,5a,22,74,ae,e5,3e,27,\
c3,59,04,aa,f4,d3,b0,a0,6c,a2,e1,77,ee,4d,91,8f,68,d7,4a,9e,ca,41,97,53,18,\
51,b9,39,be,92,9c,de,25,9c,09,35,83,95,1d,3a,f7,f8,fa,d4,d5,95,bc,ff,3e,d9,\
af,2a,f5,50,bf,de,6d,68,a3,30,a1,27,78,8f,1a,3a,01,e8,76,33,33,39,09,20,b3,\
27,39,e8,9b,f0,98,de,c2,a1,50,95,3e,88,c4,f5,28,ed,74,8e,9f,fd,21,2d,10,07,\
32,ad,b4,eb,57,10,5a,ce,6c,ce,66,13,a0,6d,1a,87,d6,52,14,dc,4b,d7,18,59,7a,\
9e,10,cf,3d,24,51,cf,34,99,20,ce,1a,6a,ef,75,59,36,30,fe,0f,60,16,67,cb,85,\
d5,d9,a2,bd,3c,c1,dc,7a,fc,d2,ee,b3,47,4d,a8,43,9e,80,b0,8c,e4,8c,2f,5f,b6,\
6c,ca,20,ff,33,d4,25,c6,95,c2,60,4b,a9,df,3e,53,ed,40,ce,c0,8b,fb,26,64,db,\
94,02,17,28,b8,af,07,b7,2e,28,50,05,eb,0a,7e,cd,51,24,7d,2d,5a,c8,8c,49,6a,\
af,d5,b4,93,2e,a6,94,39,ae,17,b1,d0,5c,ee,cc,e7,21,bf,32,66,d5,57,90,14,b0,\
5b,09,5c,01,2d,86,50,22,0f,4e,ee,ab,8b,d6,a2,e6,12,da,0d,83,e3,ac,05,8d,2e,\
cc,dd,9d,7a,ba,e6,4e,44,08,35,f0,e9,b3,a7,c6,81,c5,b3,23,d8,9d,d1,1f,24,3a,\
b9,66,95,57,50,18,59,be,48,f2,ca,ad,f1,cf,e6,7e,52,6f,ff,87,78,78,b3,40,0e,\
ba,1f,a3,2e,b7,50,d9,77,63,fa,12,60,28,6d,b4,cb,2d,c4,b9,dd,d8,60,52,0e,91,\
95,d1,7c,ca,a2,c5,85,3c,e7,67,94,73,52,35,3b,8c,dd,1b,dc,83,3e,b1,5b,80,17,\
f3,66,28,08,a4,08,64,24,19,8d,68,a5,35,9f,40,30,97,af,ac,59,12,96,2e,6a,5e,\
7d,61,60,0d,fa,8c,37,c0,7b,77,68,9a,e8,7e,af,f5,84,e3,11,54,14,68,1e,99,44,\
1e,74,79,46,78,84,2c,bc,a3,99,69,d8,1a,15,91,c2,75,fe,cd,2a,3a,81,ba,90,7e,\
96,17,e7,6e,25,8e,54,ee,91,c9,6d,8c,40,62,ee,62,f1,ee,ad,3e,50,3a,d0,01,c7,\
d4,3d,45,98,ce,52,43,29,be,d6,f3,9e,09,30,74,ad,62,d7,af,ae,8d,0a,37,f2,69,\
c1,74,56,2d,e3,01,18,f2,b9,52,e9,72,a3,9a,43,0f,0a,ec,fc,16,c9,95,a0,1c,46,\
a0,f8,eb,8c,ea,03,4f,11,8d,c2,55,76,34,8a,0e,5e,88,a9,9c,2e,eb,4c,8c,10,69,\
a0,66,3e,eb,38,83,7d,ae,af,1f,e7,f4,8e,af,ee,fa,70,75,9e,29,64,51,22,90,92,\
da,8a,92,22,ad,cb,dc,59,05,08,9a,05,8d,10,eb,1c,72,27,92,a0,bb,09,cc,ee,c5,\
dd,2c,2c,56,8a,46,bb,55,cb,0f,00,e1,4e,48,4c,5d,01,fc,0b,cf,df,06,3d,86,0a,\
d3,2b,00,1b,69,52,0a,b6,a8,a4,29,61,d0,f0,39,96,44,9e,54,16,8e,9f,f6,81,a2,\
a4,5e,24,67,8e,37,12,73,26,77,76,16,0f,88,27,9b,f8,a5,7d,ca,16,87,63,b1,b3,\
d2,42,ae,a5,bf,69,ad,83,ce,79,02,3b,c5,75,b0,90,ed,cd,74,19,0b,84,59,8c,92,\
92,87,3b,17,88,5c,df,05,72,be,95,92,01,af,26,f2,ea,21,8b,ca,89,0c,b1,e7,ca,\
bf,79,30,49,73,03,d9,b8,26,2c,da,81,a7,55,a0,ad,ed,66,02,05,ac,13,76,77,2a,\
5e,cc,85,bb,4f,5e,7c,35,fc,3e,65,1e,9e,88,35,df,03,a4,47,bd,6c,9b,09,bb,e3,\
21,f5,bc,cf,d3,c4,e9,c5,bd,de,52,a1,1f,14,d8,d6,71,91,4a,02,a4,0e,ce,c5,ab,\
46,83,d4,3a,aa,64,49,ce,55,6f,3d,ed,42,07,99,af,bd,98,29,7d,17,79,f3,19,9e,\
16,c6,de,e2,cc,4e,15,49,bf,1a,06,b9,e9,70,c7,73,09,67,21,e9,5a,9b,4f,3c,0a,\
d3,10,ff,ed,e1,fb,3e,73,ca,13,bf,d8,27,9b,87,9a,cb,2b,a0,30,a6,04,1a,f9,e9,\
a1,50,73,6b,8e,6c,ad,4c,7d,2e,ff,d8,97,e8,f8,ae,10,ce,98,21,fe,6c,bf,de,6b,\
78,e6,cf,a9,ca,a4,0d,40,e5,a9,f4,41,ff,48,8e,4b,99,90,b3,26,6f,20,15,09,e6,\
93,75,03,e7,01,17,9b,ed,c8,73,b3,5d,8c,2d,b3,16,7c,47,e3,4a,d7,95,17,8c,af,\
72,92,2a,ed,b2,25,bc,96,d7,97,fd,4d,88,49,da,18,3e,1a,c9,67,41,89,5c,52,d3,\
19,16,22,ab,fa,7d,13,a7,a5,e5,70,58,b7,48,bb,60,27,a3,e9,58,fb,32,59,f1,b1,\
cc,94,63,31,0b,de,b1,00,ad,0b,2f,b6,3a,95,42,b2,e7,eb,68,0c,bb,0b,78,cb,f0,\
52,2a,59,9c,93,d9,33,90,67,88,e5,81,c5,24,36,65,d3,08,a0,20,fb,c6,03,60,40,\
25,99,c6,d3,66,2d,46,e1,cc,9a,88,d0,b0,5a,2d,30,ea,df,46,33,38,30,dd,0b,13,\
b5,4f,f4,d7,27,fe,18,1a,97,47,b0,3b,b3,b4,6d,3e,45,72,16,d7,fc,05,72,c4,6f,\
3a,68,60,5f,5d,65,76,3c,ad,fe,53,eb,0d,d7,1f,c7,fc,c3,6d,e6,c7,2c,10,9d,fd,\
b5,30,46,24,1f,9e,40,aa,69,65,38,aa,1e,3c,a1,a7,a0,85,95,9c,97,64,f7,bc,a1,\
45,8e,87,d0,4c,ff,dc,13,f7,e4,c0,f2,ff,1f,5b,7f,7f,6e,43,89,57,3f,fe,12,d3,\
c5,c1,03,88,4b,7e,1f,7f,c9,1e,36,96,b5,0b,9b,22,1b,f2,d7,d9,f0,c7,9f,f0,a3,\
09,04,80,f6,47,ea,2e,0c,e3,bb,0b,c3,16,f3,5c,b9,43,34,61,cf,d7,32,7d,7f,fc,\
65,3c,76,b8,8c,f4,04,2e,11,f8,7d,6e,8c,10,df,92,89,26,b5,06,8b,42,3b,27,50,\
b8,c2,10,57,a0,56,b0,a0,87,9f,20,b3,64,05,34,e3,ce,17,51,d4,6c,2e,7e,3b,ac,\
4d,bd,e5,b8,4c,9b,fb,a5,36,06,84,ee,ef,5f,2b,a3,22,1a,d0,43,d9,39,e0,08,ec,\
16,44,28,e6,62,f8,82,b5,9d,8f,2d,a5,35,c7,bc,90,f2,61,c0,4e,91,30,8f,73,af,\
6f,44,3a,ea,57,07,bc,42,f1,8f,66,c5,2a,e4,a9,6b,25,6a,f3,3f,d5,1b,df,bf,ca,\
14,a8,86,4b,53,e4,28,a6,bf,6f,5e,c4,68,a5,63,00,11,dd,d4,9d,39,eb,f0,80,26,\
a4,89,af,ea,a0,fb,65,e9,86,e5,14,d9,ff,dc,4c,1c,ba,60,dd,4d,b4,0e,40,19,b6,\
18,33,50,1f,f3,a4,3b,e3,4f,d0,31,d4,4c,ac,65,21,eb,84,02,1c,c2,e2,7a,40,f5,\
b1,1a,72,61,a2,e2,87,1a,cf,95,07,18,9e,0c,30,2d,e9,cf,3e,f8,3a,5c,e6,ea,a3,\
1e,ed,31,00,b3,67,56,16,21,54,2a,05,51,06,8b,c2,b9,30,2b,c8,38,40,92,0b,41,\
ef,67,2e,3c,16,eb,f5,29,c3,c6,fd,87,8c,06,ab,74,23,65,62,15,2b,ca,f9,38,4a,\
13,6c,38,80,12,d1,21,b7,d5,8e,15,9b,2b,ca,ef,ab,63,21,25,90,57,ad,9c,f3,ae,\
a9,e0,b6,fa,4d,a5,95,0b,48,6a,67,73,b7,67,d1,4f,12,c4,af,1d,b2,08,b6,ce,91,\
d4,57,1c,52,d1,e6,1e,81,e7,fb,1a,1b,b0,19,9a,51,2c,8d,c2,89,b6,99,e0,a6,36,\
d2,45,89,99,c7,53,d7,7e,e3,d8,fd,32,95,9a,72,df,ad,33,3c,00,09,20,b6,be,18,\
72,14,90,a4,c1,92,17,4e,46,ba,b7,63,6a,63,be,87,92,6b,62,a8,47,4b,06,30,94,\
ef,b9,7f,b0,c4,00,98,dd,12,d5,1a,90,8c,ef,72,d2,25,44,50,e6,26,cd,57,2c,7e,\
89,19,45,59,c4,42,78,f4,99,13,55,af,b6,13,98,63,5f,01,4f,f7,b5,0c,40,2e,39,\
f4,46,85,c3,8c,57,79,b8,78,6e,d8,eb,34,7d,21,ea,e4,a6,3f,08,60,f0,69,b1,36,\
3f,47,fa,f2,83,56,7c,9d,2f,8d,63,83,ed,41,c2,39,90,46,29,df,4a,57,7a,a3,1f,\
b7,f8,86,99,19,a1,63,be,bd,be,2d,3f,dd,b8,78,f2,47,2d,3b,82,4b,43,d4,65,d7,\
3d,4c,bf,0f,e1,4c,dd,66,05,a7,b1,75,70,dd,ed,64,fc,6a,ee,a8,9c,89,d2,77,fb,\
4a,3b,7f,60,e4,4f,d7,d5,4c,03,36,88,07,9a,63,71,3c,68,ec,35,0d,dc,1b,4b,27,\
be,26,5d,98,b4,a6,f1,e1,0b,4a,48,4d,b4,cd,86,81,8d,25,14,53,e2,fe,43,e0,34,\
66,32,d8,39,a2,ca,f1,1d,23,21,e6,8d,25,67,70,1b,34,4d,cb,25,0b,2f,34,01,71,\
46,4d,d9,be,1f,c2,ba,9c,4b,2d,e7,0b,58,37,73,a7,01,00,0f,2e,a2,c1,20,3d,ee,\
b0,15,5a,e4,25,f7,37,ff,fa,41,35,ae,37,f3,28,03,ef,e2,5a,af,65,52,d2,2e,73,\
c6,d6,3f,2d,17,ae,f3,97,c1,c4,ab,d6,a1,89,68,ba,e5,33,50,93,ea,b2,60,f7,40,\
70,2e,b6,c3,e1,2b,10,07,5b,25,26,fa,29,10,af,c4,da,05,ec,f2,df,8b,de,d4,56,\
16,00
"NoBandCustomize"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-08 12:06:22
C:\ComboFix-quarantined-files.txt ... 07-03-08 12:06



#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:06:44 AM

Posted 08 April 2007 - 12:35 PM

Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the Desktop but do not run it.
Paste the following bold part into the Suspicious File Packer window:
C:\WINDOWS\system32\75C4AB8863.sys
C:\WINDOWS\mickey32.dll

Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to the second field and browse to the CAB archive that has been created on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.
Please let me know when you have submitted the files.

If you are pleased with the service I have offered, you may like to consider making a donation.


#14 bignight2

bignight2
  • Topic Starter

  • Members
  • 294 posts
  • Gender:Male
  • Location:usa
  • Local time:01:44 AM

Posted 08 April 2007 - 12:48 PM

Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

#15 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:06:44 AM

Posted 08 April 2007 - 04:07 PM

Hi there,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

I see you have Viewpoint installed:
Viewpoint Manager is considered to be foistware rather than malware, since it is installed without your approval but doesn't actually spy or do anything "bad". This will soon change, according to this article, which you may want to read: http://www.clickz.com/news/article.php/3561546
I recommend that you remove the Viewpoint products. If you do decide to get rid of it, please remove all references to Viewpoint from Add/Remove Programs.

You have Weatherbug installed.
This is very much an ad-enabled application, which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts, can also draw unwanted ads and popups to your computer.
My recommendation is that you uninstall it from your computer.
If you want a program which provides weather information, there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from here: http://www.snapfiles.com/get/weatherwatcher.html.

You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following file (if present):

C:\WINDOWS\info147.sys

Reboot into Normal Mode.

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Post back the Panda log, and also give me a few more details as to why you think your computer is infected.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.




