PDA

View Full Version : Help me!30 Problems wont go away!



Wizit
2007-12-22, 18:27
Here I have Created a log for you to see. Please help.


--- Search result list ---
Virtumonde: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\rdfa

Virtumonde: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService

Virtumonde: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DomainService

Virtumonde: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DomainService

Virtumonde.ddc: Executable (File, nothing done)
C:\WINDOWS\system32\ahvxnmxp.exe

Virtumonde.ddc: Executable (File, nothing done)
C:\WINDOWS\system32\htxtrcoj.exe

Virtumonde.ddc: Executable (File, nothing done)
C:\WINDOWS\system32\oaloigdw.exe

Virtumonde.ddc: Executable (File, nothing done)
C:\WINDOWS\system32\qcutwjeq.exe

Virtumonde.ddc: Executable (File, nothing done)
C:\WINDOWS\system32\ttspieqr.exe

Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}

Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-1677128483-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Smitfraud-C.CoreService: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core

Smitfraud-C.CoreService: Data (File, nothing done)
C:\WINDOWS\system32\drivers\core.cache.dsk

Smitfraud-C.CoreService: System file (File, nothing done)
C:\WINDOWS\system32\drivers\core.sys

Win32.Inject.bw: Executable (File, nothing done)
C:\WINDOWS\system32\windows

Virtumonde.Dll: Library (File, nothing done)
C:\WINDOWS\system32\yabxw.dll

AdRevolver: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


Clickbank: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


BlueStreak: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: jd) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-02 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-12-19 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-12-19 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-12-19 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-12-19 Includes\KeyloggersC.sbi (*)
2004-05-12 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-12-19 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-12-19 Includes\PUPSC.sbi (*)
2007-12-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-12-19 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-12-19 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2007-12-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)

Wizit
2007-12-22, 18:33
--- Startup entries list ---
Located: HK_LM:Run, 48f2f468
command: rundll32.exe "C:\WINDOWS\system32\unpdlupp.dll",b
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: HK_LM:Run, winlog
command: winlog.exe
file:

Located: HK_LM:Run, Zune Launcher
command: "C:\Program Files\Zune\ZuneLauncher.exe"
file: C:\Program Files\Zune\ZuneLauncher.exe
size: 24104
MD5: b95cac6dd903338c2da88adca85151fd

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, OM_Monitor
command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
file:

Located: HK_CU:Run, Yahoo! Pager
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: c7048e3dd4d9fa3af7bc2747ef5c433f

Located: Startup (user), Yahoo! Widget Engine.lnk
command: C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
file: C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
size: 2913584
MD5: 58e4f6d9446969d544a778590e6fe0bc

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, cutcyrpz
command: cutcyrpz.dll
file: cutcyrpz.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, yayvsts
command: yayvsts.dll
file: yayvsts.dll



--- Browser helper object list ---
{153da9c5-f35a-41b2-920c-d56846660c99} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ettktlb.dll

{387c68a8-2847-48c1-b577-5f87fab22707} ({70722baf-78f5-775b-1c84-74828a86c783})
BHO name: {70722baf-78f5-775b-1c84-74828a86c783}
CLSID name:
Path: C:\WINDOWS\system32\
Long name: dalprhty.dll
Short name:
Date (created): 12/22/2007 10:02:32 AM
Date (last access): 12/22/2007 10:02:36 AM
Date (last write): 12/22/2007 10:02:36 AM
Filesize: 78400
Attributes: archive
MD5: C9D87DF7805C99869C57DF00223291F6
CRC32: 9CB7B5D7

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/31/2006 2:33:52 PM
Date (last access): 12/22/2007 1:02:22 AM
Date (last write): 10/31/2006 2:33:52 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: yabxw.dll
Short name:
Date (created): 12/15/2007 7:08:00 PM
Date (last access): 12/22/2007 10:02:12 AM
Date (last write): 12/15/2007 7:09:20 PM
Filesize: 329824
Attributes: archive
MD5: F96F4E062A71A2F09A9EB9CEF557D98E
CRC32: 3A20B3B9

{A95B2816-1D7E-4561-A202-68C0DE02353A} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: cutcyrpz.dll
Short name:
Date (created): 12/19/2007 8:12:42 PM
Date (last access): 12/22/2007 1:12:32 AM
Date (last write): 12/19/2007 8:12:42 PM
Filesize: 165472
Attributes: archive
MD5: 29D1065AB4CE7A2CBAAEC60D3A2C5931
CRC32: 6C3DE7F0

{DB0B918E-A0A8-482B-8D75-A682816B0C7B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: yayvsts.dll
Short name:
Date (created): 12/15/2007 7:02:40 PM
Date (last access): 12/22/2007 12:55:24 AM
Date (last write): 12/15/2007 7:02:40 PM
Filesize: 40448
Attributes: archive
MD5: 6AABCF2D230A10DB0912C130881D4AEE
CRC32: C39E5693



--- ActiveX list ---


--- Process list ---
PID: 0 ( 0) [System]
PID: 552 ( 4) \SystemRoot\System32\smss.exe
PID: 620 ( 552) \??\C:\WINDOWS\system32\csrss.exe
PID: 672 ( 552) \??\C:\WINDOWS\system32\winlogon.exe
PID: 716 ( 672) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 728 ( 672) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 908 ( 716) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 960 ( 716) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1056 ( 716) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1104 ( 716) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1228 ( 716) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1288 ( 716) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1476 ( 716) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1600 ( 716) C:\WINDOWS\system32\Atievxx.exe
size: 37376
MD5: 2CF76775AB06244BF2F7E7599B5A8480
PID: 1684 ( 716) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1968 ( 716) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 1996 ( 716) C:\Program Files\Zune\ZuneNss.exe
size: 975400
MD5: 6BBA0510E705A6B9891FDBD9806ED78E
PID: 444 ( 716) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3432 ( 716) C:\WINDOWS\system32\ttspieqr.exe
size: 74304
MD5: 5F43A8B08644C37C46F3405BD47634AF
PID: 10684 (1056) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 10636 (10716) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 10880 (10636) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 10888 (10636) C:\Program Files\Zune\ZuneLauncher.exe
size: 24104
MD5: B95CAC6DD903338C2DA88ADCA85151FD
PID: 10904 (10636) C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896E712A34D654A337C8CBB9DEB07200
PID: 10916 (10636) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 10948 (10636) C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
PID: 10960 (10636) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
size: 233472
MD5: CB5FFB929674C8DA128921B34AEAF9D4
PID: 11160 (10636) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 11568 (10960) C:\Program Files\limewire\limewire.exe
size: 147456
MD5: 365418B2FEFCA481C6CE388DA076EAC2
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/22/2007 10:17:15 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.mmhp.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

Wizit
2007-12-22, 18:35
--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0) 12/01/2006 1.2.0.0 (6F128087AFFFF5D4F4FEE6429736470CD5C1E4E2)
uninstall cmd: rundll32.exe C:\PROGRA~1\DIFX\F78795BBB376EE09\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_C6317AD6BF989B5AA21DD2422BEA915EC068CA80\Zune.inf
publisher: Microsoft

(AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Battle Master 2.0 (Battle Master_is1)
uninstall cmd: "C:\Program Files\Battle Master 2\unins000.exe"
publisher: Phoebus
help link: http://battlemasterchess.tripod.com

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

DX-Ball 1.09 (DX-Ball 1.09)
uninstall cmd: C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG

DX-Ball 2 v1.2 (DX-Ball 2 v1.2)
uninstall cmd: C:\PROGRA~1\DXBall2\UNWISE.EXE C:\PROGRA~1\DXBall2\INSTALL.LOG

(DXM_Runtime)

(Fontcore)

GhostMouse 2.0 (GhostMouse 2.0)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\GMouse20\DeIsL1.isu -cC:\GMouse20\_ISREG32.DLL

HyperCam 2 (HyperCam 2)
uninstall cmd: "C:\Program Files\HyCam2\UnHyCam2.exe"

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070803
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

(KB884267)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20070803
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB892313)

Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Wizit
2007-12-22, 18:38
(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

(KB911565)

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

(KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20061028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Update for Windows XP (KB920342) 1 (KB920342)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920342

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921503) 1 (KB921503)
install date: 20070820
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921503

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061027
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

Update for Windows XP (KB925876) 1 (KB925876)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925876

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891

Wizit
2007-12-22, 18:39
Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

Update for Windows XP (KB933360) 1 (KB933360)
install date: 20070829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933360

Security Update for Windows XP (KB933566) 1 (KB933566)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows Internet Explorer 7 (KB933566) 1 (KB933566-IE7)
install date: 20070811
uninstall cmd: "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows XP (KB933729) 1 (KB933729)
install date: 20071011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933729

Security Update for Windows XP (KB935839) 1 (KB935839)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935839

Security Update for Windows XP (KB935840) 1 (KB935840)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935840

Security Update for Windows XP (KB936021) 1 (KB936021)
install date: 20070820
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936021

Update for Windows XP (KB936357) 1 (KB936357)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936357

Security Update for Windows Media Player 10 (KB936782) (KB936782_WMP10)
install date: 20070820
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Media Player 11 (KB936782) (KB936782_WMP11)
install date: 20070829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070820
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows XP (KB937894) 1 (KB937894)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937894

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070820
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Update for Windows XP (KB938828) 1 (KB938828)
install date: 20070820
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938828

Security Update for Windows XP (KB938829) 1 (KB938829)
install date: 20070820
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938829

Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071011
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653

Hotfix for Windows Media Player 11 (KB939683) (KB939683)
install date: 20070901
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=939683

Security Update for Windows XP (KB941202) 1 (KB941202)
install date: 20071011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941202

Security Update for Windows XP (KB941568) 1 (KB941568)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941568

Security Update for Windows XP (KB941569) (KB941569)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569

Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20071212
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615

Update for Windows XP (KB942763) 1 (KB942763)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942763

Security Update for Windows XP (KB943460) 1 (KB943460)
install date: 20071114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=943460

Security Update for Windows XP (KB944653) 1 (KB944653)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944653

(MobileOptionPack)

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

Wizit
2007-12-22, 18:40
(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070803
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(RM03)

RPG Maker 2003 (RPG Maker 20031.09a (Eng))
uninstall cmd: C:\WINDOWS\iun6002.exe "C:\Program Files\Enterbrain\RPG2003\irunin.ini"

(SchedulingAgent)

9.0.115.0 (ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
install date: 20061027
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070827
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

Yahoo! Browser Services (Yahoo! Extras)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Widgets 4.0.5.0 (Yahoo! Widget Engine)
uninstall cmd: C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
publisher: Yahoo! Inc.

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Zone Rings from Outer-Space (Zone Rings from Outer-Space)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\ZoneRings\DeIsL1.isu"

Microsoft Office 2000 SR-1 Premium 9.00.9327 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 130864
install date: 20050622
install source: C:\Program Files\Microsoft Office\o2k\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113906
install date: 20071021
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20050622
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

({62369F2F77534556AEF4C58152E3BDE5})

6.5.1 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 62959
install date: 20050623
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

RCA Video Converter 1.05.0200 ({B6B834C0-0000-4F87-B767-D58D8035EC0E})
version: 17105096
install location: C:\Program Files\RCA\RCA Video Converter
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6B834C0-0000-4F87-B767-D58D8035EC0E}\setup.exe" -l0x9 -remove

Zune 1.3.5728.0 ({ED55BFEF-90F3-4926-9536-D94FDBBF65DC})
version: 16979552
version (major): 1
version (minor): 3
estimated size: 43824
install date: 20071026
install source: C:\DOCUME~1\jd\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=71730



--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: system32\DRIVERS\agp440.sys
Image size: 42368
Image MD5: 2C428FA0C3E3A01ED93C9B2A27D8D4BB
Start: 0
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Atievxx.exe
Image size: 37376
Image MD5: 2CF76775AB06244BF2F7E7599B5A8480
Start: 2
Type: 272
Error Control: 1

Service (registry key): atimtai
Image path: system32\DRIVERS\atimtai.sys
Image size: 281600
Image MD5: 84A86A5D286AFA48D4EE88BA869806DD
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrbsdrv
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmBatt
Display name: Microsoft AC Adapter Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: 4266BE808F85826AEDF3C64C1E240203
Start: 3
Type: 1
Error Control: 1

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Compbatt
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Start: 0
Type: 1
Error Control: 1

Wizit
2007-12-22, 18:41
Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): core
Image path: system32\drivers\core.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): DomainService
Display name: DomainService
Description: DomainService
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ttspieqr.exe /service
Image size: 74304
Image MD5: 5F43A8B08644C37C46F3405BD47634AF
Start: 2
Type: 16
Error Control: 0

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): EL556ND5
Display name: 3Com 10/100 MiniPCI Ethernet Adapter Driver
Image path: system32\DRIVERS\EL556ND5.sys
Image size: 55999
Image MD5: 14304CB9FF0A9D2A79A7A54B28A5909A
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Start: 1
Type: 1
Error Control: 0

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 128896
Image MD5: 3D234FB6D6EE875EB009864A299BEA29
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Wizit
2007-12-22, 18:41
Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Image path: system32\DRIVERS\intelide.sys
Image size: 5504
Image MD5: 2D722B2B54AB55B2FA475EB58D7B2AAD
Start: 0
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): maestro
Display name: ESS Maestro Audio Driver (WDM)
Image path: system32\drivers\es198xdl.sys
Image size: 414400
Image MD5: CF549836CBE72508FB87162F56060601
Start: 3
Type: 1
Error Control: 1

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Wizit
2007-12-22, 18:42
Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): odysseyIM3
Display name: Odyssey Network Services Miniport
Image path: system32\DRIVERS\odysseyIM3.sys
Image size: 62865
Image MD5: 5DCC587DEBA479B1F8E33AA8FB079B8A
Start: 3
Type: 1
Error Control: 1

Service (registry key): P3
Display name: Intel PentiumIII Processor Driver
Image path: system32\DRIVERS\p3.sys
Image size: 42496
Image MD5: 3E16EFF2A6FED2D8D7F5A66DFE65D183
Start: 1
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Image path: system32\DRIVERS\pcmcia.sys
Image size: 119936
Image MD5: 82A087207DECEC8456FBE8537947D579
Start: 0
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 43528
Image MD5: D86B4A68565E444D76457F14172C875A
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Wizit
2007-12-22, 18:43
Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): RT2500
Display name: Belkin RT2500 Wireless Driver
Image path: system32\DRIVERS\RT2500.sys
Image size: 243200
Image MD5: 16F6F00E7A89224EB3C5B354BE8ECCEE
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 20480
Image MD5: 90A3935D05B494A5A39D37E71F09A677
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 0CE218578FFF5F4F7E4201539C45C78F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332928
Image MD5: EA554A3FFC3F536FE8320EB38F5E4843
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{92010625-5227-4070-B698-CA283848DC84}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 1DBF125862891817F374F407626967F4
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Wizit
2007-12-22, 18:44
Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\tlntsvr.exe
Image size: 73216
Image MD5: 37DB0A7D097310E8B4DE803FC3119C78
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 364160
Image MD5: CED744117E91BDC0BEB810F7D8608183
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1

Service (registry key): USB_RNDIS
Display name: TI AR7 DSL Modem Device Driver
Image path: system32\DRIVERS\usb8023.sys
Image size: 12672
Image MD5: AF090265EC388BAB320F1FF7E7A7D5EA
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDHAALBA
Display name: WDHAALBAMiniPCI Winmodem
Image path: system32\DRIVERS\WDHAALBA.sys
Image size: 701386
Image MD5: 477ED2208E2E501987DD4A1304E92091
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: EFD235CA22B57C81118C1AEB4798F1C1
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WMPNetworkSvc
Display name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Image size: 913408
Image MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
Start: 2
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter

Service (registry key): WpdUsb
Display name: WpdUsb
Image path: system32\DRIVERS\wpdusb.sys
Image size: 38528
Image MD5: CF4DEF1BF66F06964DC0D91844239104
Start: 3
Type: 1
Error Control: 1

Service (registry key): WS2IFSL
Start: 1
Type: 0
Error Control: 0

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WudfPf
Display name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Provide communciation services for UMDF components.
Image path: system32\DRIVERS\WudfPf.sys
Image size: 77568
Image MD5: F15FEAFFFBB3644CCC80C5DA584E6311
Start: 0
Type: 1
Error Control: 1

Service (registry key): WudfRd
Display name: Windows Driver Foundation - User-mode Driver Framework Reflector
Description: Reflect device requests to user-mode driver drivers
Image path: system32\DRIVERS\wudfrd.sys
Image size: 82944
Image MD5: 28B524262BCE6DE1F7EF9F510BA3985B
Start: 3
Type: 1
Error Control: 1

Service (registry key): WudfSvc
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ZuneNetworkSvc
Display name: Zune Network Sharing Service
Description: Shares Zune media libraries to Zune devices using Universal Plug and Play
Object name: NT Authority\NetworkService
Image path: "C:\Program Files\Zune\ZuneNss.exe"
Image size: 975400
Image MD5: 6BBA0510E705A6B9891FDBD9806ED78E
Start: 2
Type: 16
Error Control: 1
Depends On services: upnphost,http,HTTPFilter

Service (registry key): {53582671-EEEC-4626-BD4C-78ED9760960F}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {7C98FE09-1542-4CCB-885E-3B86F15E8860}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {A6100067-7925-4862-BB2E-E242DC9DD6CF}
Start: 0
Type: 0
Error Control: 0

Wizit
2007-12-22, 18:45
Sorry about the big log but that shows you how big the problem is.

tashi
2007-12-22, 22:14
Please start again Wizit. :alien:

I am concerned that because of the volume of posts (12) to your own topic, helpers will think you are already being assisted. :eek:

We ask only for a HJT log and the results of an on-line anti virus scan.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Also:

Copy and paste that information into your next post if the AV content will fit into one post only.
If the results of the anti virus scan itself will take more than one post to contain, it is best not to post it. Just make a note for our volunteers so they are aware, as it would be best to start off with no more than two posts (total) in your topic before a helper responds.

If you do not understand the information given in the sticky topics, please let us know so we can guide you.

Best wishes.

Wizit
2007-12-22, 22:51
Please Help me! I dont know how to do this! I dont know how to create these logs and stuff so you can help me:sad:. Please who ever can guide me through this please do SO! Ive had enough of this virtumonde and smitfraud-c.coreservice viruses. PLEASE HELP!

katana
2007-12-22, 23:35
Don't worry, I'll take it from here :bigthumb:


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

VundoFix
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Click here (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
Click I accept
Close HJT


Rename HJT
Please open your Hijack This folder
Right click on Hijackthis.exe
Select Rename
Rename Hijack This to showme.exe
Double click showme
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Wizit
2007-12-23, 04:30
Ok, you put and then paste a new hijackthis log. Am i supposed to post one before i do a scan?

Wizit
2007-12-23, 04:35
Ok here let me quote this better.

In the message you put "post the contents of C://Vundofix.txt and a new hijackthis log". Does this mean that i do a hijack this search, post a log ,then do a vundo and make another hijack log w/ a vundo log? Or do i just do the vundo search fix then reboot and THEN do a hijackthis log?

12/22/07 21:52

katana
2007-12-23, 13:56
Run VundoFix, reboot, then run HJT and post that log :bigthumb:

Wizit
2007-12-23, 22:19
Heres the contents of the Vundo


VundoFix V6.7.7

Checking Java version...

Scan started at 8:19:57 PM 12/22/2007

Listing files found while scanning....

C:\WINDOWS\system32\cfjoyehl.dll
version...

Scan started at 12:05:23 PM 12/23/2007

Listing files found while scanning....

C:\WINDOWS\system32\cutcyrpz.dll
C:\WINDOWS\system32\dalprhty.dll
C:\WINDOWS\system32\dnikvuqv.dll
C:\WINDOWS\system32\enqyaeft.ini
C:\WINDOWS\system32\eouqhtkr.dll
C:\WINDOWS\system32\gijcqsqh.dll
C:\WINDOWS\system32\hqpjlkrf.dll
C:\WINDOWS\system32\jscfmmfs.dll
C:\WINDOWS\system32\keskugxu.dll
C:\WINDOWS\system32\lvesbntv.dll
C:\WINDOWS\system32\npgktrlm.dll
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\system32\tbgsjiaa.dll
C:\WINDOWS\system32\tfeayqne.dll
C:\WINDOWS\system32\tprwdjxj.dll
C:\WINDOWS\system32\unpdlupp.dll
C:\WINDOWS\system32\vcgunrbq.dll
C:\WINDOWS\system32\vdudvqob.dll
C:\WINDOWS\system32\vptlfctr.dll
C:\WINDOWS\system32\vtnbsevl.ini
C:\WINDOWS\system32\xbsimgda.dll
C:\WINDOWS\system32\ygbbpvuu.dll
C:\WINDOWS\system32\cfjoyehl.dll
C:\WINDOWS\system32\cutcyrpz.dll
C:\windows\system32\cutcyrpz.dllbox
C:\WINDOWS\system32\dalprhty.dll
C:\WINDOWS\system32\dnikvuqv.dll
C:\WINDOWS\system32\enqyaeft.ini
C:\WINDOWS\system32\eouqhtkr.dll
C:\WINDOWS\system32\gijcqsqh.dll
C:\WINDOWS\system32\hqpjlkrf.dll
C:\WINDOWS\system32\jscfmmfs.dll
C:\WINDOWS\system32\keskugxu.dll
C:\WINDOWS\system32\lvesbntv.dll
C:\WINDOWS\system32\npgktrlm.dll
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\system32\tbgsjiaa.dll
C:\WINDOWS\system32\tfeayqne.dll
C:\WINDOWS\system32\tprwdjxj.dll
C:\WINDOWS\system32\unpdlupp.dll
C:\WINDOWS\system32\vcgunrbq.dll
C:\WINDOWS\system32\vdudvqob.dll
C:\WINDOWS\system32\vptlfctr.dll
C:\WINDOWS\system32\vtnbsevl.ini
C:\WINDOWS\system32\xbsimgda.dll
C:\WINDOWS\system32\ygbbpvuu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cfjoyehl.dll
C:\WINDOWS\system32\cfjoyehl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cutcyrpz.dll
C:\WINDOWS\system32\cutcyrpz.dll Has been deleted!

Attempting to delete C:\windows\system32\cutcyrpz.dllbox
C:\windows\system32\cutcyrpz.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\dalprhty.dll
C:\WINDOWS\system32\dalprhty.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dnikvuqv.dll
C:\WINDOWS\system32\dnikvuqv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\enqyaeft.ini
C:\WINDOWS\system32\enqyaeft.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eouqhtkr.dll
C:\WINDOWS\system32\eouqhtkr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gijcqsqh.dll
C:\WINDOWS\system32\gijcqsqh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hqpjlkrf.dll
C:\WINDOWS\system32\hqpjlkrf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jscfmmfs.dll
C:\WINDOWS\system32\jscfmmfs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\keskugxu.dll
C:\WINDOWS\system32\keskugxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lvesbntv.dll
C:\WINDOWS\system32\lvesbntv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npgktrlm.dll
C:\WINDOWS\system32\npgktrlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\system32\ptorrbxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tbgsjiaa.dll
C:\WINDOWS\system32\tbgsjiaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tfeayqne.dll
C:\WINDOWS\system32\tfeayqne.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tprwdjxj.dll
C:\WINDOWS\system32\tprwdjxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\unpdlupp.dll
C:\WINDOWS\system32\unpdlupp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vcgunrbq.dll
C:\WINDOWS\system32\vcgunrbq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vdudvqob.dll
C:\WINDOWS\system32\vdudvqob.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vptlfctr.dll
C:\WINDOWS\system32\vptlfctr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtnbsevl.ini
C:\WINDOWS\system32\vtnbsevl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xbsimgda.dll
C:\WINDOWS\system32\xbsimgda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ygbbpvuu.dll
C:\WINDOWS\system32\ygbbpvuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Wizit
2007-12-23, 22:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:27 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {153da9c5-f35a-41b2-920c-d56846660c99} - C:\WINDOWS\system32\ettktlb.dll (file missing)
O2 - BHO: {fccf5eef-74a1-00ea-c6c4-cc89156cfd74} - {47dfc651-98cc-4c6c-ae00-1a47fee5fccf} - C:\WINDOWS\system32\ptorrbxj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF} - C:\WINDOWS\system32\yabxw.dll (file missing)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yayvsts.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186100614029
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: yayvsts - C:\WINDOWS\SYSTEM32\yayvsts.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 5308 bytes

katana
2007-12-23, 22:47
That's looking better :bigthumb:

Still a bit more needs to go though.

Please download ComboFix by sUBs from HERE (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or HERE (http://subs.geekstogo.com/ComboFix.exe)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Wizit
2007-12-24, 02:54
We might have a problem. One Of the Viruses always pulls up command prompts when i boot up the computer. It wont let it run because the virus is already using it! What do I do now! Reply soon with an answer or not.

katana
2007-12-24, 03:59
Try this

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:




Killall::


Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Wizit
2007-12-24, 04:51
When i do that is pops up a little window and says

"C:/WINDOWS/system32/cmd.exe":
"Another program is currently using this file"

I think its the virus because it opens cmd prompts when i log in. It never did that until i caught these viruses.

:angel:Please help!:angel:

katana
2007-12-24, 06:38
Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
OTMoveIt
Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\yayvsts.dll
C:\WINDOWS\system32\winlog.exe
C:\ONOES.EXE

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\\_OTMoveIt\\MovedFiles\\********_******.log
(where "********_******" is the "date_time")

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {153da9c5-f35a-41b2-920c-d56846660c99} - C:\WINDOWS\system32\ettktlb.dll (file missing)
O2 - BHO: {fccf5eef-74a1-00ea-c6c4-cc89156cfd74} - {47dfc651-98cc-4c6c-ae00-1a47fee5fccf} - C:\WINDOWS\system32\ptorrbxj.dll (file missing)
O2 - BHO: (no name) - {7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF} - C:\WINDOWS\system32\yabxw.dll (file missing)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yayvsts.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - Global Startup: svchost.exe
O20 - Winlogon Notify: yayvsts - C:\WINDOWS\SYSTEM32\yayvsts.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free (http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

OTMoveIt log
A fresh HJT log
How are things running now ?

Wizit
2007-12-24, 08:37
The only things on the hijackthis log were
O4 - HKLM\..\Run: [winlog] winlog.exe &
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

I deleted those so here are the logs

Wizit
2007-12-24, 08:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:29 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186100614029
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 4051 bytes

Wizit
2007-12-24, 08:40
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayvsts.dll
C:\WINDOWS\system32\yayvsts.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayvsts.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\winlog.exe not found.
File/Folder C:\ONOES.EXE not found.

Created on 12/24/2007 00:22:47


So am i supposed to do the combofix thing now or is my pc clean?:2thumb:

Wizit
2007-12-24, 10:53
I downloaded that AVG software thing and now I my pc is running slower and it keeps saying theres trojans on my pc. Are you sure that the website was safe. Im gona Run the Vundo Fix again because it did wonders for me the first time.:D:

katana
2007-12-24, 13:52
Vundo fix shouldn't do anything now,

Try running ComboFix again,

Wizit
2007-12-24, 20:45
:eek:Finally the combofix worked:eek: Heres the log

ComboFix 07-12-21.4 - jd 2007-12-24 12:02:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.170 [GMT -6:00]Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\install.exe
C:\Program Files\outlook
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\nwgcxlbw.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\winlogo.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 02:20 . 2007-12-24 02:20 14,033 --a------ C:\posE1C.tmp
2007-12-24 02:19 . 2007-12-24 02:19 165,472 --a------ C:\WINDOWS\system32\ucaapnft.dll
2007-12-24 02:19 . 2007-12-24 02:19 74,304 --a------ C:\WINDOWS\system32\fregymvv.exe
2007-12-24 02:17 . 2007-12-24 02:17 359,351 --ahs---- C:\WINDOWS\system32\acfhk.bak2
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-24 08:01 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-23 14:17 . 2007-12-24 02:32 361,196 --ahs---- C:\WINDOWS\system32\acfhk.ini
2007-12-23 14:17 . 2007-12-23 14:17 6,560 --ahs---- C:\WINDOWS\system32\acfhk.bak1
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 20:19 . 2007-12-24 09:45 <DIR> d-------- C:\VundoFix Backups
2007-12-22 15:14 . 2007-12-22 15:15 991,464 --ahs---- C:\WINDOWS\system32\adgmisbx.ini
2007-12-22 10:05 . 2007-12-22 13:00 991,293 --ahs---- C:\WINDOWS\system32\ppuldpnu.ini
2007-12-21 22:12 . 2007-12-21 22:13 1,676,194 --ahs---- C:\WINDOWS\system32\jxjdwrpt.ini
2007-12-21 21:06 . 2007-12-21 21:06 14,033 --a------ C:\posC75.tmp
2007-12-21 19:41 . 2007-12-21 22:13 1,674,954 --ahs---- C:\WINDOWS\system32\rtcfltpv.ini
2007-12-21 19:38 . 2007-12-21 19:38 14,033 --a------ C:\posAC4.tmp
2007-12-21 16:06 . 2007-12-21 19:39 1,676,014 --ahs---- C:\WINDOWS\system32\neygqjlf.ini
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos94B.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos844.tmp
2007-12-21 14:08 . 2007-12-21 16:01 1,829,183 --ahs---- C:\WINDOWS\system32\xvxispda.ini
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4FA.tmp
2007-12-20 17:11 . 2007-12-21 13:56 1,975,012 --ahs---- C:\WINDOWS\system32\dclsaaby.ini
2007-12-20 15:59 . 2007-12-20 16:28 993,178 --ahs---- C:\WINDOWS\system32\rvrfiknv.ini
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos7A4.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68B.tmp
2007-12-19 21:08 . 2007-12-20 15:56 993,109 --ahs---- C:\WINDOWS\system32\pqgvwcxq.ini
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posA.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-21 21:09 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-21 21:10 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:15 . 2007-12-19 21:02 992,989 --ahs---- C:\WINDOWS\system32\vfmpauef.ini
2007-12-19 20:12 . 2007-12-19 20:12 165,472 --a------ C:\WINDOWS\system32\kowomwfv.dll
2007-12-18 20:14 . 2007-12-19 20:14 992,869 --ahs---- C:\WINDOWS\system32\fmjysakr.ini
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 17:46 . 2007-12-17 20:17 971,241 --ahs---- C:\WINDOWS\system32\vkxctjjm.ini
2007-12-17 16:15 . 2007-12-17 17:43 971,121 --ahs---- C:\WINDOWS\system32\vwhcrjeg.ini
2007-12-17 13:28 . 2007-12-17 13:20 338,965 --ahs---- C:\WINDOWS\system32\wxbay.ini
2007-12-17 13:20 . 2007-12-22 20:08 360,140 --ahs---- C:\WINDOWS\system32\wxbay.ini2
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-17 13:14 . 2007-12-17 13:20 338,965 --ahs---- C:\WINDOWS\system32\wxbay.tmp
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 15:22 . 2007-12-22 17:01 2,402 --a------ C:\WINDOWS\wininit.ini
2007-12-16 14:27 . 2007-12-22 15:09 366,160 --ahs---- C:\WINDOWS\system32\wxbay.bak2
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 23:09 . 2007-12-15 23:09 167 --a------ C:\Documents and Settings\jd\1563.bat
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 21:54 . 2007-12-15 21:54 167 --a------ C:\Documents and Settings\jd\1618.bat
2007-12-15 21:46 . 2007-12-15 23:09 36,864 --a------ C:\Documents and Settings\jd\winlogo.exe
2007-12-15 19:11 . 2007-12-18 20:10 333,774 --ahs---- C:\WINDOWS\system32\wxbay.bak1
2007-12-15 19:07 . 2007-12-15 19:09 329,824 --a------ C:\WINDOWS\system32\yabxw.dll_old
2007-12-15 19:03 . 2007-12-15 19:03 167 --a------ C:\WINDOWS\system32\8029.bat
2007-12-15 19:02 . 2007-12-15 21:51 <DIR> d-------- C:\WINDOWS\system32\shel9
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\oc9
2007-12-15 19:02 . 2007-12-15 19:02 <DIR> d-------- C:\WINDOWS\system32\ipd1
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\ex1
2007-12-15 19:02 . 2007-12-15 19:02 68,096 --------- C:\app.exe
2007-12-15 19:02 . 2007-12-15 19:02 134 --a------ C:\n.bat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\z.dat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\x.dat
2007-12-15 19:01 . 2007-12-15 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc07
2007-12-15 19:01 . 2007-12-15 19:02 <DIR> d-------- C:\Temp\tpBe12
2007-12-15 19:01 . 2007-12-24 12:27 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-02 00:40 . 2007-12-17 19:49 74 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-22 03:09 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-17 00:17 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-27 00:15 --------- d-----w C:\Program Files\Zune
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\meqot83122.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\meqot4444.dll
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153da9c5-f35a-41b2-920c-d56846660c99}]
C:\WINDOWS\system32\ettktlb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47dfc651-98cc-4c6c-ae00-1a47fee5fccf}]
C:\WINDOWS\system32\ptorrbxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF}]
C:\WINDOWS\system32\yabxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C79D9874-87DB-4FDD-968E-C895E9690DEA}]
C:\WINDOWS\system32\khfca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwgcxlbw]
nwgcxlbw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsts]
yayvsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 12:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 12:42:09 - machine was rebooted
.
2007-12-12 01:06:33 --- E O F ---

katana
2007-12-24, 21:32
You have some very nasty infections showing there, one or more is a Password Stealer
Please do the following in the order given

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it katlook.bat Please save it on your desktop.



echo "Data stolen" >> C:\Katlook.txt
type C:\qoobox\Quarantine\C\x.dat >> C:\Katlook.txt
type C:\qoobox\Quarantine\C\z.dat >> C:\Katlook.txt
type C:\WINDOWS\system32\x.dat >> C:\Katlook.txt
type C:\WINDOWS\system32\z.dat >> C:\Katlook.txt
Notepad C:\katlook.txt
del /q katlook.bat
exit

Double click on Katlook.bat

Notepad will open, if it is empty that is great.
If it is not empty, it will contain any data that may have been stolen


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



DirLook::
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\ex1

File::
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\wxbay.bak2
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\yabxw.dll_old
C:\WINDOWS\system32\8029.bat
C:\app.exe
C:\n.bat
C:\WINDOWS\system32\khfca.dll
C:\WINDOWS\system32\yabxw.dll
C:\WINDOWS\system32\ettktlb.dll
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\iun6002.exe
C:\Program Files\Common Files\meqot83122.dll
C:\Program Files\Common Files\meqot4444.dll
Folder::
C:\Temp\tpBe12
Driver::
Microsoft cache control
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153da9c5-f35a-41b2-920c-d56846660c99}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47dfc651-98cc-4c6c-ae00-1a47fee5fccf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C79D9874-87DB-4FDD-968E-C895E9690DEA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwgcxlbw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsts]

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Wizit
2007-12-25, 03:31
dont.:bigthumb:
heres to you :beerbeerb: lol. Heres is the new Combofix log


ComboFix 07-12-21.4 - jd 2007-12-24 18:45:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jd\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\app.exe
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\n.bat
C:\Program Files\Common Files\meqot4444.dll
C:\Program Files\Common Files\meqot83122.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\system32\8029.bat
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\ettktlb.dll
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\khfca.dll
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\wxbay.bak2
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\yabxw.dll
C:\WINDOWS\system32\yabxw.dll_old
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\app.exe
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\n.bat
C:\Program Files\Common Files\meqot4444.dll
C:\Program Files\Common Files\meqot83122.dll
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\iun6002.exe
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\system32\8029.bat
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\wxbay.bak2
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\yabxw.dll_old

.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-24 02:20 . 2007-12-24 02:20 14,033 --a------ C:\posE1C.tmp
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-24 08:01 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 20:19 . 2007-12-24 09:45 <DIR> d-------- C:\VundoFix Backups
2007-12-21 21:07 . 2007-12-21 21:07 14,033 --a------ C:\posDA8.tmp
2007-12-21 21:06 . 2007-12-21 21:06 14,033 --a------ C:\posC75.tmp
2007-12-21 19:39 . 2007-12-21 19:39 14,033 --a------ C:\posBB7.tmp
2007-12-21 19:38 . 2007-12-21 19:38 14,033 --a------ C:\posAC4.tmp
2007-12-21 16:02 . 2007-12-21 16:02 14,033 --a------ C:\pos9C4.tmp
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos94B.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos844.tmp
2007-12-21 13:54 . 2007-12-21 13:54 14,033 --a------ C:\pos5DB.tmp
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4FA.tmp
2007-12-20 15:58 . 2007-12-20 15:58 14,033 --a------ C:\pos811.tmp
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos7A4.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68B.tmp
2007-12-19 21:02 . 2007-12-19 21:02 14,033 --a------ C:\pos3DF.tmp
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posA.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-21 21:09 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-21 21:10 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:13 . 2007-12-19 20:13 14,033 --a------ C:\posF3.tmp
2007-12-19 20:12 . 2007-12-19 20:13 14,033 --a------ C:\pos43.tmp
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 15:22 . 2007-12-22 17:01 2,402 --a------ C:\WINDOWS\wininit.ini
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:02 . 2007-12-15 21:51 <DIR> d-------- C:\WINDOWS\system32\shel9
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\oc9
2007-12-15 19:02 . 2007-12-15 19:02 <DIR> d-------- C:\WINDOWS\system32\ipd1
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\ex1
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\z.dat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\x.dat
2007-12-15 19:01 . 2007-12-15 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc07
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-22 03:09 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-27 00:15 --------- d-----w C:\Program Files\Zune
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\ex1 ----


---- Directory of C:\WINDOWS\system32\ipd1 ----

2007-12-12 11:31 9302 --a------ C:\WINDOWS\system32\ipd1\zpr121dll.exe

---- Directory of C:\WINDOWS\system32\oc9 ----


---- Directory of C:\WINDOWS\system32\shel9 ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 19:05:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 19:07:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 12:42
.
2007-12-12 01:06:33 --- E O F ---

katana
2007-12-25, 10:15
That's looking a lot better :)
Happy Christmas


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:




File::
C:\WINDOWS\system32\z.dat
C:\WINDOWS\system32\x.dat
Folder::
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\ineWc07

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.




Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.



Logs/Information to Post in Reply
Please post the following logs/Information in your reply

ComboFix Log
Kaspersky Log
How are things running now ?

Wizit
2007-12-26, 00:47
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 25, 2007 4:42:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 49276
Number of viruses found: 10
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 02:03:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\jd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip/Autofighter Cheat Package/Hackers/wpeproalpha/wpeproalpha/WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip ZIP: infected - 1 skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Zune\CurrentDatabase_365.wmdb Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temp\Perflib_Perfdata_f18.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob615.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob759.dll Object is locked skipped
C:\Program Files\ComPlus Applications\rtelecirt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_jd.log Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\jd\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ipd1\zpr121dll.exe.vir Infected: Trojan-Downloader.Win32.Small.gzs skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067822.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067831.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067834.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067995.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067996.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067998.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP104\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\A0068107.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069420.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069421.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069427.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069428.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070425.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070426.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070439.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070440.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070441.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP116\A0070450.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070469.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071478.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071480.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071481.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

Wizit
2007-12-26, 00:50
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 25, 2007 4:42:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 49276
Number of viruses found: 10
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 02:03:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\jd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip/Autofighter Cheat Package/Hackers/wpeproalpha/wpeproalpha/WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip ZIP: infected - 1 skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Zune\CurrentDatabase_365.wmdb Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temp\Perflib_Perfdata_f18.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

Wizit
2007-12-26, 00:51
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob615.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob759.dll Object is locked skipped
C:\Program Files\ComPlus Applications\rtelecirt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_jd.log Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\jd\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ipd1\zpr121dll.exe.vir Infected: Trojan-Downloader.Win32.Small.gzs skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067822.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067831.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067834.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067995.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067996.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067998.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP104\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\A0068107.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069420.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069421.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069427.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069428.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070425.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070426.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070439.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070440.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070441.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP116\A0070450.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070469.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071478.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071480.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071481.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072477.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073494.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073494.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073495.exe Object is locked skipped

Wizit
2007-12-26, 00:52
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073497.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073497.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073499.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073510.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073511.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073512.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073513.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073514.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP121\A0073526.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP122\A0073536.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP122\A0073537.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073560.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073561.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073568.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073569.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073570.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073571.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073573.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073574.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073575.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073576.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073577.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073578.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073579.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073580.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073581.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073582.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073583.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073584.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073585.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073586.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073587.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073589.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073590.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073631.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073632.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073639.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073640.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073641.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP125\A0073690.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073746.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073749.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073751.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073752.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073760.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073762.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073768.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073829.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073830.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073888.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073889.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073890.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073891.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073892.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073893.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073894.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073895.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073896.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073897.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073898.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073899.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073900.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073901.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073902.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073903.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073904.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073905.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073906.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073907.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073908.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073909.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073910.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073911.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073912.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073913.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073914.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073915.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073916.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073917.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073918.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073919.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073920.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073921.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073922.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073923.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073924.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073925.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073926.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073927.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073928.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073929.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073930.exe Object is locked skipped

Wizit
2007-12-26, 00:53
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073931.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073932.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073933.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073934.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073935.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073936.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073937.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073938.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073939.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073940.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073941.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073942.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073943.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073944.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073945.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073946.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073947.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073948.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073949.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073950.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073951.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073952.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073953.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073954.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073955.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073956.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073957.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073958.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073959.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073960.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073961.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073962.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073963.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073964.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073965.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073966.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073967.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073968.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073969.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073970.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073971.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073972.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073973.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073974.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073975.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073976.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073977.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073978.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073979.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073980.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073981.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073982.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073983.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073984.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073985.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073986.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073987.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073988.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073989.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073990.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073992.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073993.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073995.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073996.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073997.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073998.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074001.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074002.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074004.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074007.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074008.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074009.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074010.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074011.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074012.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074013.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074014.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074015.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074016.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074017.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074018.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074019.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\change.log Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP82\A0056661.exe Infected: Sniffer.Win32.WpePro.f skipped

Wizit
2007-12-26, 00:54
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0066788.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067796.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067799.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067800.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067801.exe Object is locked skipped
C:\VundoFix Backups\cfjoyehl.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\dnikvuqv.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\eouqhtkr.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\gijcqsqh.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\hqpjlkrf.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\jscfmmfs.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\keskugxu.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\lvesbntv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\npgktrlm.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\tbgsjiaa.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\tfeayqne.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\tprwdjxj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\unpdlupp.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\vdudvqob.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\vptlfctr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\xbsimgda.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\ygbbpvuu.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{791A0697-DA20-49D7-AD5F-701AB4DE7FB9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe Object is locked skipped

Scan process completed.

Wizit
2007-12-26, 00:55
VundoFix V6.7.7

Checking Java version...

Scan started at 2:42:35 AM 12/24/2007

Listing files found while scanning....

C:\WINDOWS\system32\nwgcxlbw.dll
C:\windows\system32\nwgcxlbw.dllbox

katana
2007-12-26, 01:39
Do you know what this is ?
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe



Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Folder::
C:\VundoFix Backups
File::
C:\WINDOWS\system32\nwgcxlbw.dll
C:\windows\system32\nwgcxlbw.dllbox
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip
C:\Program Files\ComPlus Applications\rtelecirt.html
Folder::

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


How are things running now ?

Wizit
2007-12-26, 03:11
ComboFix 07-12-21.4 - jd 2007-12-25 19:03:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.236 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jd\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip
C:\Program Files\ComPlus Applications\rtelecirt.html
C:\WINDOWS\system32\nwgcxlbw.dll
C:\windows\system32\nwgcxlbw.dllbox
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip
C:\Program Files\ComPlus Applications\rtelecirt.html
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\cfjoyehl.dll.bad
C:\VundoFix Backups\cutcyrpz.dll.bad
C:\VundoFix Backups\cutcyrpz.dllbox.bad
C:\VundoFix Backups\dalprhty.dll.bad
C:\VundoFix Backups\dnikvuqv.dll.bad
C:\VundoFix Backups\enqyaeft.ini.bad
C:\VundoFix Backups\eouqhtkr.dll.bad
C:\VundoFix Backups\gijcqsqh.dll.bad
C:\VundoFix Backups\hqpjlkrf.dll.bad
C:\VundoFix Backups\jscfmmfs.dll.bad
C:\VundoFix Backups\keskugxu.dll.bad
C:\VundoFix Backups\lvesbntv.dll.bad
C:\VundoFix Backups\npgktrlm.dll.bad
C:\VundoFix Backups\ptorrbxj.dll.bad
C:\VundoFix Backups\tbgsjiaa.dll.bad
C:\VundoFix Backups\tfeayqne.dll.bad
C:\VundoFix Backups\tprwdjxj.dll.bad
C:\VundoFix Backups\unpdlupp.dll.bad
C:\VundoFix Backups\vcgunrbq.dll.bad
C:\VundoFix Backups\vdudvqob.dll.bad
C:\VundoFix Backups\vptlfctr.dll.bad
C:\VundoFix Backups\vtnbsevl.ini.bad
C:\VundoFix Backups\xbsimgda.dll.bad
C:\VundoFix Backups\ygbbpvuu.dll.bad

.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-25 11:38 . 2007-12-25 13:55 74 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 02:20 . 2007-12-24 02:20 14,033 --a------ C:\posE1C.tmp
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-25 13:20 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 21:07 . 2007-12-21 21:07 14,033 --a------ C:\posDA8.tmp
2007-12-21 21:06 . 2007-12-21 21:06 14,033 --a------ C:\posC75.tmp
2007-12-21 19:39 . 2007-12-21 19:39 14,033 --a------ C:\posBB7.tmp
2007-12-21 19:38 . 2007-12-21 19:38 14,033 --a------ C:\posAC4.tmp
2007-12-21 16:02 . 2007-12-21 16:02 14,033 --a------ C:\pos9C4.tmp
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos94B.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos844.tmp
2007-12-21 13:54 . 2007-12-21 13:54 14,033 --a------ C:\pos5DB.tmp
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4FA.tmp
2007-12-20 15:58 . 2007-12-20 15:58 14,033 --a------ C:\pos811.tmp
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos7A4.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68B.tmp
2007-12-19 21:02 . 2007-12-19 21:02 14,033 --a------ C:\pos3DF.tmp
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posA.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-25 16:56 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-24 19:23 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:13 . 2007-12-19 20:13 14,033 --a------ C:\posF3.tmp
2007-12-19 20:12 . 2007-12-19 20:13 14,033 --a------ C:\pos43.tmp
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 15:22 . 2007-12-22 17:01 2,402 --a------ C:\WINDOWS\wininit.ini
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 22:56 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 00:15 --------- d-----w C:\Program Files\Zune
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_12.41.06.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 19:06:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 19:07:39
C:\ComboFix2.txt ... 2007-12-25 09:47
C:\ComboFix3.txt ... 2007-12-24 19:07
.
2007-12-12 01:06:33 --- E O F ---

Wizit
2007-12-26, 08:16
Ummmmmm, when i go to my computer my local disk (C:) has a big red x for a symbol and then it has litteraly thousands of "TMP Files". Whats wierd is that when i go to my windows media player or anything really and open a file from my Local Disk (C:), it works, and i dont see any temp files. Is there a way to fix this? Thx:bigthumb:

katana
2007-12-27, 03:15
Hi Wizit,

SD Fix

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Wizit
2007-12-27, 19:40
Ok heres the SDFix log,


SDFix: Version 1.119

Run by jd on Thu 12/27/2007 at 07:56 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\COMPLU~1\QUCANO~1 - Deleted
C:\PROGRA~1\COMPLU~1\QUCANO~2 - Deleted
C:\DOCUME~1\jd\LOCALS~1\Temp\hdo18.tmp - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 10:11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 4 Sep 2007 56 ..SHR --- "C:\WINDOWS\system32\A3D88A52D0.sys"
Tue 4 Sep 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 2 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 28 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a53bf224a188f23c622431aa5c569c34\BIT1.tmp"

Finished!

Wizit
2007-12-27, 19:41
And heres the new hijackthis log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:23 AM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186100614029
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 5584 bytes

katana
2007-12-27, 22:11
Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



File::
C:\posDA8.tmp
C:\posC75.tmp
C:\posBB7.tmp
C:\posAC4.tmp
C:\pos9C4.tmp
C:\pos94B.tmp
C:\pos844.tmp
C:\pos5DB.tmp
C:\pos4FA.tmp
C:\pos811.tmp
C:\pos7A4.tmp
C:\pos68B.tmp
C:\pos3DF.tmp
C:\posA.tmp
C:\pos43.tmp
C:\posF3.tmp
C:\WINDOWS\wininit.ini
C:\posE1C.tmp
Driver::
MSControlService
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat Please save it on your desktop.


@echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
dir /a "C:\pos???.tmp" >> C:\look.txt
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt
del /q findfiles.bat
Exit

Double click findfiles.bat. Notepad will open, copy and paste the contents in your reply.

Wizit
2007-12-28, 02:19
ComboFix 07-12-21.4 - jd 2007-12-27 18:04:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jd\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\pos3DF.tmp
C:\pos43.tmp
C:\pos4FA.tmp
C:\pos5DB.tmp
C:\pos68B.tmp
C:\pos7A4.tmp
C:\pos811.tmp
C:\pos844.tmp
C:\pos94B.tmp
C:\pos9C4.tmp
C:\posA.tmp
C:\posAC4.tmp
C:\posBB7.tmp
C:\posC75.tmp
C:\posDA8.tmp
C:\posE1C.tmp
C:\posF3.tmp
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos3DF.tmp
C:\pos43.tmp
C:\pos4FA.tmp
C:\pos5DB.tmp
C:\pos68B.tmp
C:\pos7A4.tmp
C:\pos811.tmp
C:\pos844.tmp
C:\pos94B.tmp
C:\pos9C4.tmp
C:\posA.tmp
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-27 07:28 . 2007-12-27 07:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 00:08 . 2007-12-26 00:12 <DIR> d-------- C:\TMP Files
2007-12-25 11:38 . 2007-12-27 07:51 82 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-27 10:18 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 21:06 . 2007-12-21 21:06 9,033 --a------ C:\pos9DA.tmp
2007-12-21 21:06 . 2007-12-21 21:06 7,033 --a------ C:\pos9C8.tmp
2007-12-21 21:06 . 2007-12-21 21:06 6,033 --a------ C:\pos9DC.tmp
2007-12-21 21:06 . 2007-12-21 21:06 5,033 --a------ C:\posA8B.tmp
2007-12-21 16:02 . 2007-12-21 16:02 14,033 --a------ C:\pos9C1.tmp
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos945.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos83E.tmp
2007-12-21 13:54 . 2007-12-21 13:54 14,033 --a------ C:\pos5D9.tmp
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4EE.tmp
2007-12-20 15:58 . 2007-12-20 15:58 14,033 --a------ C:\pos80F.tmp
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos78D.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68A.tmp
2007-12-19 21:02 . 2007-12-19 21:02 14,033 --a------ C:\pos3D9.tmp
2007-12-19 21:01 . 2007-12-19 21:02 14,033 --a------ C:\pos297.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-27 18:06 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-24 19:23 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:13 . 2007-12-19 20:13 14,033 --a------ C:\posA3.tmp
2007-12-19 20:12 . 2007-12-19 20:13 14,033 --a------ C:\pos3B.tmp
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 13:05 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_12.41.06.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-27 13:56:09 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:56:09 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-27 13:28:21 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:28:21 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 18:13:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 18:15:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-25 19:07
C:\ComboFix3.txt ... 2007-12-25 09:47
.
2007-12-12 01:06:33 --- E O F ---

Wizit
2007-12-28, 02:21
Volume in drive C has no label.
Volume Serial Number is 48F2-F4C7

Directory of C:\

12/19/2007 09:01 PM 9,033 pos1.tmp
12/19/2007 09:01 PM 10,033 pos10.tmp
12/19/2007 08:13 PM 14,033 pos100.tmp
12/19/2007 08:13 PM 12,033 pos101.tmp
12/19/2007 08:13 PM 13,033 pos102.tmp
12/19/2007 08:13 PM 14,033 pos103.tmp
12/19/2007 08:13 PM 5,033 pos104.tmp
12/19/2007 08:13 PM 12,033 pos105.tmp
12/19/2007 08:13 PM 8,033 pos106.tmp
12/19/2007 08:13 PM 9,033 pos107.tmp
12/19/2007 08:13 PM 8,033 pos108.tmp
12/19/2007 08:13 PM 11,033 pos109.tmp
12/19/2007 08:13 PM 6,033 pos10A.tmp
12/19/2007 08:13 PM 13,033 pos10B.tmp
12/19/2007 08:13 PM 14,033 pos10C.tmp
12/19/2007 08:13 PM 13,033 pos10D.tmp
12/19/2007 08:13 PM 13,033 pos10E.tmp
12/19/2007 08:13 PM 5,033 pos10F.tmp
12/19/2007 09:01 PM 11,033 pos11.tmp
12/19/2007 08:13 PM 6,033 pos110.tmp
12/19/2007 08:13 PM 8,033 pos111.tmp
12/19/2007 08:13 PM 6,033 pos112.tmp
12/19/2007 08:13 PM 14,033 pos113.tmp
12/19/2007 08:13 PM 7,033 pos114.tmp
12/19/2007 08:13 PM 10,033 pos115.tmp
12/19/2007 08:13 PM 11,033 pos116.tmp
12/19/2007 08:13 PM 11,033 pos117.tmp
12/19/2007 08:13 PM 10,033 pos118.tmp
12/19/2007 08:13 PM 7,033 pos119.tmp
12/19/2007 08:13 PM 11,033 pos11A.tmp
12/19/2007 08:13 PM 8,033 pos11B.tmp
12/19/2007 08:13 PM 7,033 pos11C.tmp
12/19/2007 08:13 PM 11,033 pos11D.tmp
12/19/2007 08:13 PM 8,033 pos11E.tmp
12/19/2007 08:13 PM 5,033 pos11F.tmp
12/19/2007 09:01 PM 8,033 pos12.tmp
12/19/2007 08:13 PM 7,033 pos120.tmp
12/19/2007 08:13 PM 9,033 pos121.tmp
12/19/2007 08:13 PM 10,033 pos122.tmp
12/19/2007 08:13 PM 14,033 pos123.tmp
12/19/2007 08:13 PM 12,033 pos124.tmp
12/19/2007 08:13 PM 9,033 pos125.tmp
12/19/2007 08:13 PM 5,033 pos126.tmp
12/19/2007 08:13 PM 12,033 pos127.tmp
12/19/2007 08:13 PM 14,033 pos128.tmp
12/19/2007 08:13 PM 13,033 pos129.tmp
12/19/2007 08:13 PM 10,033 pos12A.tmp
12/19/2007 08:13 PM 7,033 pos12B.tmp
12/19/2007 08:13 PM 7,033 pos12C.tmp
12/19/2007 08:13 PM 14,033 pos12D.tmp
12/19/2007 08:13 PM 10,033 pos12E.tmp
12/19/2007 08:13 PM 7,033 pos12F.tmp
12/19/2007 09:01 PM 13,033 pos13.tmp
12/19/2007 08:13 PM 10,033 pos130.tmp
12/19/2007 08:13 PM 7,033 pos131.tmp
12/19/2007 08:13 PM 14,033 pos132.tmp
12/19/2007 08:13 PM 6,033 pos133.tmp
12/19/2007 08:13 PM 9,033 pos134.tmp
12/19/2007 08:13 PM 8,033 pos135.tmp
12/19/2007 08:13 PM 10,033 pos136.tmp
12/19/2007 08:13 PM 9,033 pos137.tmp
12/19/2007 08:13 PM 5,033 pos138.tmp
12/19/2007 08:13 PM 5,033 pos139.tmp
12/19/2007 08:13 PM 13,033 pos13A.tmp
12/19/2007 08:13 PM 10,033 pos13B.tmp
12/19/2007 08:13 PM 5,033 pos13C.tmp
12/19/2007 08:13 PM 12,033 pos13D.tmp
12/19/2007 08:13 PM 11,033 pos13E.tmp
12/19/2007 08:13 PM 12,033 pos13F.tmp
12/19/2007 09:01 PM 7,033 pos14.tmp
12/19/2007 08:13 PM 5,033 pos140.tmp
12/19/2007 08:13 PM 12,033 pos141.tmp
12/19/2007 08:13 PM 13,033 pos142.tmp
12/19/2007 08:13 PM 13,033 pos143.tmp
12/19/2007 08:13 PM 5,033 pos144.tmp
12/19/2007 08:13 PM 12,033 pos145.tmp
12/19/2007 08:13 PM 9,033 pos146.tmp
12/19/2007 08:13 PM 14,033 pos147.tmp
12/19/2007 08:13 PM 13,033 pos148.tmp
12/19/2007 08:13 PM 8,033 pos149.tmp
12/19/2007 08:13 PM 12,033 pos14A.tmp
12/19/2007 08:13 PM 7,033 pos14B.tmp
12/19/2007 08:13 PM 14,033 pos14C.tmp
12/19/2007 08:13 PM 6,033 pos14D.tmp
12/19/2007 08:13 PM 11,033 pos14E.tmp
12/19/2007 08:13 PM 10,033 pos14F.tmp
12/19/2007 09:01 PM 10,033 pos15.tmp
12/19/2007 08:13 PM 8,033 pos150.tmp
12/19/2007 08:13 PM 14,033 pos151.tmp
12/19/2007 08:13 PM 9,033 pos152.tmp
12/19/2007 08:13 PM 14,033 pos153.tmp
12/19/2007 08:13 PM 11,033 pos154.tmp
12/19/2007 08:13 PM 5,033 pos155.tmp
12/19/2007 08:13 PM 10,033 pos156.tmp
12/19/2007 08:13 PM 10,033 pos157.tmp
12/19/2007 08:13 PM 14,033 pos158.tmp
12/19/2007 08:13 PM 7,033 pos159.tmp
12/19/2007 08:13 PM 14,033 pos15A.tmp
12/19/2007 08:13 PM 7,033 pos15B.tmp
12/19/2007 08:13 PM 6,033 pos15C.tmp
12/19/2007 08:13 PM 8,033 pos15D.tmp
12/19/2007 08:13 PM 6,033 pos15E.tmp
12/19/2007 08:13 PM 8,033 pos15F.tmp
12/19/2007 09:01 PM 8,033 pos16.tmp
12/19/2007 08:13 PM 12,033 pos160.tmp
12/19/2007 08:13 PM 11,033 pos161.tmp
12/19/2007 08:13 PM 9,033 pos162.tmp
12/19/2007 08:13 PM 13,033 pos163.tmp
12/19/2007 08:13 PM 11,033 pos164.tmp
12/19/2007 08:13 PM 9,033 pos165.tmp
12/19/2007 08:13 PM 6,033 pos166.tmp
12/19/2007 08:13 PM 13,033 pos167.tmp
12/19/2007 08:13 PM 8,033 pos168.tmp
12/19/2007 08:13 PM 11,033 pos169.tmp
12/19/2007 08:13 PM 11,033 pos16A.tmp
12/19/2007 08:13 PM 8,033 pos16B.tmp
12/19/2007 08:13 PM 6,033 pos16C.tmp
12/19/2007 08:13 PM 14,033 pos16D.tmp
12/19/2007 08:13 PM 10,033 pos16E.tmp
12/19/2007 08:13 PM 9,033 pos16F.tmp
12/19/2007 09:01 PM 13,033 pos17.tmp
12/19/2007 08:13 PM 13,033 pos170.tmp
12/19/2007 08:13 PM 14,033 pos171.tmp
12/19/2007 08:13 PM 11,033 pos172.tmp
12/19/2007 08:13 PM 14,033 pos173.tmp
12/19/2007 08:13 PM 10,033 pos174.tmp
12/19/2007 08:13 PM 13,033 pos175.tmp
12/19/2007 08:13 PM 12,033 pos176.tmp
12/19/2007 08:13 PM 9,033 pos177.tmp
12/19/2007 08:13 PM 12,033 pos178.tmp
12/19/2007 08:13 PM 13,033 pos179.tmp
12/19/2007 08:13 PM 5,033 pos17A.tmp
12/19/2007 08:13 PM 13,033 pos17B.tmp
12/19/2007 08:13 PM 6,033 pos17C.tmp
12/19/2007 08:13 PM 7,033 pos17D.tmp
12/19/2007 08:13 PM 11,033 pos17E.tmp
12/19/2007 08:13 PM 12,033 pos17F.tmp
12/19/2007 09:01 PM 8,033 pos18.tmp
12/19/2007 08:13 PM 13,033 pos180.tmp
12/19/2007 08:13 PM 9,033 pos181.tmp
12/19/2007 08:13 PM 8,033 pos182.tmp
12/19/2007 08:13 PM 11,033 pos183.tmp
12/19/2007 08:13 PM 9,033 pos184.tmp
12/19/2007 08:13 PM 12,033 pos185.tmp
12/19/2007 08:13 PM 7,033 pos186.tmp
12/19/2007 08:13 PM 13,033 pos187.tmp
12/19/2007 08:13 PM 14,033 pos188.tmp
12/19/2007 08:13 PM 5,033 pos189.tmp
12/19/2007 08:13 PM 9,033 pos18A.tmp
12/19/2007 08:13 PM 8,033 pos18B.tmp
12/19/2007 08:13 PM 14,033 pos18C.tmp
12/19/2007 08:13 PM 11,033 pos18D.tmp
12/19/2007 08:13 PM 10,033 pos18E.tmp
12/19/2007 08:13 PM 14,033 pos18F.tmp
12/19/2007 09:01 PM 11,033 pos19.tmp
12/19/2007 08:13 PM 8,033 pos190.tmp
12/19/2007 08:13 PM 11,033 pos191.tmp
12/19/2007 08:13 PM 5,033 pos192.tmp
12/19/2007 08:13 PM 6,033 pos193.tmp
12/19/2007 08:13 PM 12,033 pos194.tmp
12/19/2007 08:13 PM 9,033 pos195.tmp
12/19/2007 08:13 PM 10,033 pos196.tmp
12/19/2007 08:13 PM 7,033 pos197.tmp
12/19/2007 08:13 PM 5,033 pos198.tmp
12/19/2007 08:13 PM 8,033 pos199.tmp
12/19/2007 08:13 PM 12,033 pos19A.tmp
12/19/2007 08:13 PM 9,033 pos19B.tmp
12/19/2007 08:13 PM 12,033 pos19C.tmp
12/19/2007 08:13 PM 12,033 pos19D.tmp
12/19/2007 08:13 PM 10,033 pos19E.tmp
12/19/2007 08:13 PM 14,033 pos19F.tmp
12/19/2007 09:01 PM 10,033 pos1A.tmp
12/19/2007 08:13 PM 11,033 pos1A0.tmp
12/19/2007 08:13 PM 5,033 pos1A1.tmp
12/19/2007 08:13 PM 11,033 pos1A2.tmp
12/19/2007 08:13 PM 5,033 pos1A3.tmp
12/19/2007 08:13 PM 6,033 pos1A4.tmp
12/19/2007 08:13 PM 11,033 pos1A5.tmp
12/19/2007 08:13 PM 8,033 pos1A6.tmp
12/19/2007 08:13 PM 12,033 pos1A7.tmp
12/19/2007 08:13 PM 11,033 pos1A8.tmp
12/19/2007 08:13 PM 9,033 pos1A9.tmp
12/19/2007 08:13 PM 10,033 pos1AA.tmp
12/19/2007 08:13 PM 5,033 pos1AB.tmp
12/19/2007 08:13 PM 11,033 pos1AC.tmp
12/19/2007 08:13 PM 14,033 pos1AD.tmp
12/19/2007 08:13 PM 11,033 pos1AE.tmp
12/19/2007 08:13 PM 13,033 pos1AF.tmp
12/19/2007 09:01 PM 13,033 pos1B.tmp
12/19/2007 08:13 PM 12,033 pos1B0.tmp
12/19/2007 08:13 PM 12,033 pos1B1.tmp
12/19/2007 08:13 PM 5,033 pos1B2.tmp
12/19/2007 08:13 PM 8,033 pos1B3.tmp
12/19/2007 08:13 PM 14,033 pos1B4.tmp
12/19/2007 08:13 PM 10,033 pos1B5.tmp
12/19/2007 08:13 PM 12,033 pos1B6.tmp

Wizit
2007-12-28, 02:23
12/19/2007 08:13 PM 10,033 pos1B7.tmp
12/19/2007 08:13 PM 7,033 pos1B8.tmp
12/19/2007 08:13 PM 5,033 pos1B9.tmp
12/19/2007 08:13 PM 8,033 pos1BA.tmp
12/19/2007 08:13 PM 10,033 pos1BB.tmp
12/19/2007 08:13 PM 7,033 pos1BC.tmp
12/19/2007 08:13 PM 12,033 pos1BD.tmp
12/19/2007 08:13 PM 12,033 pos1BE.tmp
12/19/2007 08:13 PM 5,033 pos1BF.tmp
12/19/2007 09:01 PM 11,033 pos1C.tmp
12/19/2007 08:13 PM 11,033 pos1C0.tmp
12/19/2007 08:13 PM 5,033 pos1C1.tmp
12/19/2007 08:13 PM 8,033 pos1C2.tmp
12/19/2007 08:13 PM 9,033 pos1C3.tmp
12/19/2007 08:13 PM 9,033 pos1C4.tmp
12/19/2007 08:13 PM 10,033 pos1C5.tmp
12/19/2007 08:13 PM 14,033 pos1C6.tmp
12/19/2007 08:13 PM 11,033 pos1C7.tmp
12/19/2007 08:13 PM 6,033 pos1C8.tmp
12/19/2007 08:13 PM 9,033 pos1C9.tmp
12/19/2007 08:13 PM 13,033 pos1CA.tmp
12/19/2007 08:13 PM 9,033 pos1CB.tmp
12/19/2007 08:13 PM 6,033 pos1CC.tmp
12/19/2007 08:13 PM 13,033 pos1CD.tmp
12/19/2007 08:13 PM 6,033 pos1CE.tmp
12/19/2007 08:13 PM 14,033 pos1CF.tmp
12/19/2007 09:01 PM 7,033 pos1D.tmp
12/19/2007 08:13 PM 6,033 pos1D0.tmp
12/19/2007 08:13 PM 12,033 pos1D1.tmp
12/19/2007 08:13 PM 10,033 pos1D2.tmp
12/19/2007 08:13 PM 8,033 pos1D3.tmp
12/19/2007 08:13 PM 6,033 pos1D4.tmp
12/19/2007 08:13 PM 10,033 pos1D5.tmp
12/19/2007 08:13 PM 9,033 pos1D6.tmp
12/19/2007 08:13 PM 6,033 pos1D7.tmp
12/19/2007 08:13 PM 8,033 pos1D8.tmp
12/19/2007 08:13 PM 14,033 pos1D9.tmp
12/19/2007 08:13 PM 6,033 pos1DA.tmp
12/19/2007 08:13 PM 10,033 pos1DB.tmp
12/19/2007 08:13 PM 8,033 pos1DC.tmp
12/19/2007 08:13 PM 14,033 pos1DD.tmp
12/19/2007 08:13 PM 9,033 pos1DE.tmp
12/19/2007 08:13 PM 9,033 pos1DF.tmp
12/19/2007 09:01 PM 12,033 pos1E.tmp
12/19/2007 08:13 PM 11,033 pos1E0.tmp
12/19/2007 08:13 PM 12,033 pos1E1.tmp
12/19/2007 08:13 PM 6,033 pos1E2.tmp
12/19/2007 08:13 PM 12,033 pos1E3.tmp
12/19/2007 08:13 PM 13,033 pos1E4.tmp
12/19/2007 08:13 PM 9,033 pos1E5.tmp
12/19/2007 08:13 PM 11,033 pos1E6.tmp
12/19/2007 08:13 PM 11,033 pos1E7.tmp
12/19/2007 08:13 PM 12,033 pos1E8.tmp
12/19/2007 08:13 PM 11,033 pos1E9.tmp
12/19/2007 08:13 PM 10,033 pos1EA.tmp
12/19/2007 08:13 PM 11,033 pos1EB.tmp
12/19/2007 08:13 PM 7,033 pos1EC.tmp
12/19/2007 08:13 PM 6,033 pos1ED.tmp
12/19/2007 08:13 PM 8,033 pos1EE.tmp
12/19/2007 08:13 PM 14,033 pos1EF.tmp
12/19/2007 09:01 PM 5,033 pos1F.tmp
12/19/2007 08:13 PM 9,033 pos1F0.tmp
12/19/2007 08:13 PM 11,033 pos1F1.tmp
12/19/2007 08:13 PM 7,033 pos1F2.tmp
12/19/2007 08:13 PM 14,033 pos1F3.tmp
12/19/2007 08:13 PM 7,033 pos1F4.tmp
12/19/2007 08:13 PM 12,033 pos1F5.tmp
12/19/2007 08:13 PM 7,033 pos1F6.tmp
12/19/2007 08:13 PM 7,033 pos1F7.tmp
12/19/2007 08:13 PM 9,033 pos1F8.tmp
12/19/2007 08:13 PM 6,033 pos1F9.tmp
12/19/2007 08:13 PM 10,033 pos1FA.tmp
12/19/2007 08:13 PM 11,033 pos1FB.tmp
12/19/2007 08:13 PM 14,033 pos1FC.tmp
12/19/2007 08:13 PM 6,033 pos1FD.tmp
12/19/2007 08:13 PM 11,033 pos1FE.tmp
12/19/2007 08:13 PM 12,033 pos1FF.tmp
12/19/2007 09:01 PM 11,033 pos2.tmp
12/19/2007 09:01 PM 9,033 pos20.tmp
12/19/2007 08:13 PM 7,033 pos200.tmp
12/19/2007 08:13 PM 11,033 pos201.tmp
12/19/2007 08:13 PM 9,033 pos202.tmp
12/19/2007 08:13 PM 12,033 pos203.tmp
12/19/2007 08:13 PM 11,033 pos204.tmp
12/19/2007 08:13 PM 10,033 pos205.tmp
12/19/2007 08:13 PM 10,033 pos206.tmp
12/19/2007 08:13 PM 6,033 pos207.tmp
12/19/2007 08:13 PM 6,033 pos208.tmp
12/19/2007 08:13 PM 6,033 pos209.tmp
12/19/2007 08:13 PM 5,033 pos20A.tmp
12/19/2007 08:13 PM 11,033 pos20B.tmp
12/19/2007 08:13 PM 11,033 pos20C.tmp
12/19/2007 08:13 PM 13,033 pos20D.tmp
12/19/2007 08:13 PM 5,033 pos20E.tmp
12/19/2007 08:13 PM 14,033 pos20F.tmp
12/19/2007 09:01 PM 5,033 pos21.tmp
12/19/2007 08:13 PM 9,033 pos210.tmp
12/19/2007 08:13 PM 6,033 pos211.tmp
12/19/2007 08:13 PM 9,033 pos212.tmp
12/19/2007 08:13 PM 10,033 pos213.tmp
12/19/2007 08:13 PM 14,033 pos214.tmp
12/19/2007 08:13 PM 13,033 pos215.tmp
12/19/2007 08:13 PM 7,033 pos216.tmp
12/19/2007 08:13 PM 9,033 pos217.tmp
12/19/2007 08:13 PM 8,033 pos218.tmp
12/19/2007 08:13 PM 8,033 pos219.tmp
12/19/2007 08:13 PM 14,033 pos21A.tmp
12/19/2007 08:13 PM 7,033 pos21B.tmp
12/19/2007 08:13 PM 12,033 pos21C.tmp
12/19/2007 08:13 PM 6,033 pos21D.tmp
12/19/2007 08:13 PM 10,033 pos21E.tmp
12/19/2007 08:13 PM 11,033 pos21F.tmp
12/19/2007 09:01 PM 8,033 pos22.tmp
12/19/2007 09:01 PM 12,033 pos220.tmp
12/19/2007 09:01 PM 5,033 pos221.tmp
12/19/2007 09:01 PM 5,033 pos222.tmp
12/19/2007 09:01 PM 11,033 pos223.tmp
12/19/2007 09:01 PM 14,033 pos224.tmp
12/19/2007 09:01 PM 14,033 pos225.tmp
12/19/2007 09:01 PM 9,033 pos226.tmp
12/19/2007 09:01 PM 11,033 pos227.tmp
12/19/2007 09:01 PM 12,033 pos228.tmp
12/19/2007 09:01 PM 6,033 pos229.tmp
12/19/2007 09:01 PM 8,033 pos22A.tmp
12/19/2007 09:01 PM 10,033 pos22B.tmp
12/19/2007 09:01 PM 5,033 pos22C.tmp
12/19/2007 09:01 PM 6,033 pos22D.tmp
12/19/2007 09:01 PM 10,033 pos22E.tmp
12/19/2007 09:01 PM 11,033 pos22F.tmp
12/19/2007 09:01 PM 5,033 pos23.tmp
12/19/2007 09:01 PM 13,033 pos230.tmp
12/19/2007 09:01 PM 14,033 pos231.tmp
12/19/2007 09:01 PM 7,033 pos232.tmp
12/19/2007 09:01 PM 10,033 pos233.tmp
12/19/2007 09:01 PM 10,033 pos234.tmp
12/19/2007 09:01 PM 10,033 pos235.tmp
12/19/2007 09:01 PM 8,033 pos236.tmp
12/19/2007 09:01 PM 9,033 pos237.tmp
12/19/2007 09:01 PM 10,033 pos238.tmp
12/19/2007 09:01 PM 6,033 pos239.tmp
12/19/2007 09:01 PM 5,033 pos23A.tmp
12/19/2007 09:01 PM 6,033 pos23B.tmp
12/19/2007 09:01 PM 5,033 pos23C.tmp
12/19/2007 09:01 PM 11,033 pos23D.tmp
12/19/2007 09:01 PM 8,033 pos23E.tmp
12/19/2007 09:01 PM 9,033 pos23F.tmp
12/19/2007 09:01 PM 11,033 pos24.tmp
12/19/2007 09:01 PM 5,033 pos240.tmp
12/19/2007 09:01 PM 6,033 pos241.tmp
12/19/2007 09:01 PM 5,033 pos242.tmp
12/19/2007 09:01 PM 6,033 pos243.tmp
12/19/2007 09:01 PM 14,033 pos244.tmp
12/19/2007 09:01 PM 5,033 pos245.tmp
12/19/2007 09:01 PM 10,033 pos246.tmp
12/19/2007 09:01 PM 12,033 pos247.tmp
12/19/2007 09:01 PM 9,033 pos248.tmp
12/19/2007 09:01 PM 12,033 pos249.tmp
12/19/2007 09:01 PM 12,033 pos24A.tmp
12/19/2007 09:01 PM 7,033 pos24B.tmp
12/19/2007 09:01 PM 13,033 pos24C.tmp
12/19/2007 09:01 PM 9,033 pos24D.tmp
12/19/2007 09:01 PM 13,033 pos24E.tmp
12/19/2007 09:01 PM 8,033 pos24F.tmp
12/19/2007 09:01 PM 10,033 pos25.tmp
12/19/2007 09:01 PM 11,033 pos250.tmp
12/19/2007 09:01 PM 6,033 pos251.tmp
12/19/2007 09:01 PM 11,033 pos252.tmp
12/19/2007 09:01 PM 9,033 pos253.tmp
12/19/2007 09:01 PM 5,033 pos254.tmp
12/19/2007 09:01 PM 14,033 pos255.tmp
12/19/2007 09:01 PM 13,033 pos256.tmp
12/19/2007 09:01 PM 9,033 pos257.tmp
12/19/2007 09:01 PM 11,033 pos258.tmp
12/19/2007 09:01 PM 13,033 pos259.tmp
12/19/2007 09:01 PM 13,033 pos25A.tmp
12/19/2007 09:01 PM 8,033 pos25B.tmp
12/19/2007 09:01 PM 11,033 pos25C.tmp
12/19/2007 09:01 PM 14,033 pos25D.tmp
12/19/2007 09:01 PM 10,033 pos25E.tmp
12/19/2007 09:01 PM 11,033 pos25F.tmp
12/19/2007 09:01 PM 12,033 pos26.tmp
12/19/2007 09:01 PM 5,033 pos260.tmp
12/19/2007 09:01 PM 13,033 pos261.tmp
12/19/2007 09:01 PM 9,033 pos262.tmp
12/19/2007 09:01 PM 13,033 pos263.tmp
12/19/2007 09:01 PM 9,033 pos264.tmp
12/19/2007 09:01 PM 8,033 pos265.tmp
12/19/2007 09:01 PM 11,033 pos266.tmp
12/19/2007 09:01 PM 10,033 pos267.tmp
12/19/2007 09:01 PM 10,033 pos268.tmp
12/19/2007 09:01 PM 9,033 pos269.tmp
12/19/2007 09:01 PM 6,033 pos26A.tmp
12/19/2007 09:01 PM 5,033 pos26B.tmp
12/19/2007 09:01 PM 7,033 pos26C.tmp
12/19/2007 09:01 PM 7,033 pos26D.tmp
12/19/2007 09:01 PM 7,033 pos26E.tmp
12/19/2007 09:01 PM 8,033 pos26F.tmp
12/19/2007 09:01 PM 8,033 pos27.tmp
12/19/2007 09:01 PM 12,033 pos270.tmp
12/19/2007 09:01 PM 13,033 pos271.tmp
12/19/2007 09:01 PM 10,033 pos272.tmp
12/19/2007 09:01 PM 12,033 pos273.tmp
12/19/2007 09:01 PM 13,033 pos274.tmp
12/19/2007 09:01 PM 11,033 pos275.tmp
12/19/2007 09:01 PM 5,033 pos276.tmp
12/19/2007 09:01 PM 7,033 pos277.tmp
12/19/2007 09:01 PM 7,033 pos278.tmp
12/19/2007 09:01 PM 8,033 pos279.tmp
12/19/2007 09:01 PM 14,033 pos27A.tmp
12/19/2007 09:02 PM 6,033 pos27B.tmp
12/19/2007 09:02 PM 11,033 pos27C.tmp
12/19/2007 09:02 PM 8,033 pos27D.tmp
12/19/2007 09:02 PM 12,033 pos27E.tmp
12/19/2007 09:02 PM 12,033 pos27F.tmp
12/19/2007 09:01 PM 14,033 pos28.tmp
12/19/2007 09:02 PM 5,033 pos280.tmp
12/19/2007 09:02 PM 9,033 pos281.tmp
12/19/2007 09:02 PM 5,033 pos282.tmp
12/19/2007 09:02 PM 10,033 pos283.tmp
12/19/2007 09:02 PM 10,033 pos284.tmp
12/19/2007 09:02 PM 8,033 pos285.tmp
12/19/2007 09:02 PM 7,033 pos286.tmp
12/19/2007 09:02 PM 12,033 pos287.tmp
12/19/2007 09:02 PM 12,033 pos288.tmp
12/19/2007 09:02 PM 7,033 pos289.tmp
12/19/2007 09:02 PM 12,033 pos28A.tmp
12/19/2007 09:02 PM 14,033 pos28B.tmp
12/19/2007 09:02 PM 10,033 pos28C.tmp
12/19/2007 09:02 PM 6,033 pos28D.tmp
12/19/2007 09:02 PM 14,033 pos28E.tmp
12/19/2007 09:02 PM 9,033 pos28F.tmp
12/19/2007 09:01 PM 8,033 pos29.tmp
12/19/2007 09:02 PM 11,033 pos290.tmp
12/19/2007 09:02 PM 8,033 pos291.tmp
12/19/2007 09:02 PM 13,033 pos292.tmp
12/19/2007 09:02 PM 11,033 pos293.tmp
12/19/2007 09:02 PM 8,033 pos294.tmp
12/19/2007 09:02 PM 8,033 pos295.tmp
12/19/2007 09:02 PM 8,033 pos296.tmp
12/19/2007 09:02 PM 14,033 pos297.tmp
12/19/2007 09:02 PM 11,033 pos298.tmp
12/19/2007 09:02 PM 11,033 pos299.tmp
12/19/2007 09:02 PM 6,033 pos29A.tmp
12/19/2007 09:02 PM 13,033 pos29B.tmp
12/19/2007 09:02 PM 8,033 pos29C.tmp
12/19/2007 09:02 PM 12,033 pos29D.tmp
12/19/2007 09:02 PM 12,033 pos29E.tmp
12/19/2007 09:02 PM 12,033 pos29F.tmp
12/19/2007 08:12 PM 5,033 pos2A.tmp
12/19/2007 09:02 PM 13,033 pos2A0.tmp
12/19/2007 09:02 PM 14,033 pos2A1.tmp
12/19/2007 09:02 PM 13,033 pos2A2.tmp
12/19/2007 09:02 PM 9,033 pos2A3.tmp
12/19/2007 09:02 PM 12,033 pos2A4.tmp
12/19/2007 09:02 PM 8,033 pos2A5.tmp
12/19/2007 09:02 PM 7,033 pos2A6.tmp
12/19/2007 09:02 PM 8,033 pos2A7.tmp
12/19/2007 09:02 PM 8,033 pos2A8.tmp
12/19/2007 09:02 PM 6,033 pos2A9.tmp
12/19/2007 09:02 PM 10,033 pos2AA.tmp
12/19/2007 09:02 PM 10,033 pos2AB.tmp

Wizit
2007-12-28, 02:24
12/19/2007 09:02 PM 5,033 pos2AC.tmp
12/19/2007 09:02 PM 11,033 pos2AD.tmp
12/19/2007 09:02 PM 10,033 pos2AE.tmp
12/19/2007 09:02 PM 14,033 pos2AF.tmp
12/19/2007 08:12 PM 13,033 pos2B.tmp
12/19/2007 09:02 PM 13,033 pos2B0.tmp
12/19/2007 09:02 PM 6,033 pos2B1.tmp
12/19/2007 09:02 PM 10,033 pos2B2.tmp
12/19/2007 09:02 PM 7,033 pos2B3.tmp
12/19/2007 09:02 PM 11,033 pos2B4.tmp
12/19/2007 09:02 PM 13,033 pos2B5.tmp
12/19/2007 09:02 PM 12,033 pos2B6.tmp
12/19/2007 09:02 PM 12,033 pos2B7.tmp
12/19/2007 09:02 PM 9,033 pos2B8.tmp
12/19/2007 09:02 PM 14,033 pos2B9.tmp
12/19/2007 09:02 PM 14,033 pos2BA.tmp
12/19/2007 09:02 PM 8,033 pos2BB.tmp
12/19/2007 09:02 PM 14,033 pos2BC.tmp
12/19/2007 09:02 PM 9,033 pos2BD.tmp
12/19/2007 09:02 PM 9,033 pos2BE.tmp
12/19/2007 09:02 PM 13,033 pos2BF.tmp
12/19/2007 09:01 PM 12,033 pos2C.tmp
12/19/2007 09:02 PM 12,033 pos2C0.tmp
12/19/2007 09:02 PM 13,033 pos2C1.tmp
12/19/2007 09:02 PM 11,033 pos2C2.tmp
12/19/2007 09:02 PM 7,033 pos2C3.tmp
12/19/2007 09:02 PM 8,033 pos2C4.tmp
12/19/2007 09:02 PM 12,033 pos2C5.tmp
12/19/2007 09:02 PM 9,033 pos2C6.tmp
12/19/2007 09:02 PM 10,033 pos2C7.tmp
12/19/2007 09:02 PM 9,033 pos2C8.tmp
12/19/2007 09:02 PM 13,033 pos2C9.tmp
12/19/2007 09:02 PM 13,033 pos2CA.tmp
12/19/2007 09:02 PM 14,033 pos2CB.tmp
12/19/2007 09:02 PM 7,033 pos2CC.tmp
12/19/2007 09:02 PM 13,033 pos2CD.tmp
12/19/2007 09:02 PM 12,033 pos2CE.tmp
12/19/2007 09:02 PM 12,033 pos2CF.tmp
12/19/2007 08:12 PM 9,033 pos2D.tmp
12/19/2007 09:02 PM 11,033 pos2D0.tmp
12/19/2007 09:02 PM 5,033 pos2D1.tmp
12/19/2007 09:02 PM 13,033 pos2D2.tmp
12/19/2007 09:02 PM 8,033 pos2D3.tmp
12/19/2007 09:02 PM 13,033 pos2D4.tmp
12/19/2007 09:02 PM 6,033 pos2D5.tmp
12/19/2007 09:02 PM 9,033 pos2D6.tmp
12/19/2007 09:02 PM 12,033 pos2D7.tmp
12/19/2007 09:02 PM 10,033 pos2D8.tmp
12/19/2007 09:02 PM 13,033 pos2D9.tmp
12/19/2007 09:02 PM 12,033 pos2DA.tmp
12/19/2007 09:02 PM 11,033 pos2DB.tmp
12/19/2007 09:02 PM 6,033 pos2DC.tmp
12/19/2007 09:02 PM 7,033 pos2DD.tmp
12/19/2007 09:02 PM 11,033 pos2DE.tmp
12/19/2007 09:02 PM 7,033 pos2DF.tmp
12/19/2007 08:12 PM 6,033 pos2E.tmp
12/19/2007 09:02 PM 5,033 pos2E0.tmp
12/19/2007 09:02 PM 7,033 pos2E1.tmp
12/19/2007 09:02 PM 7,033 pos2E2.tmp
12/19/2007 09:02 PM 7,033 pos2E3.tmp
12/19/2007 09:02 PM 11,033 pos2E4.tmp
12/19/2007 09:02 PM 10,033 pos2E5.tmp
12/19/2007 09:02 PM 6,033 pos2E6.tmp
12/19/2007 09:02 PM 9,033 pos2E7.tmp
12/19/2007 09:02 PM 6,033 pos2E8.tmp
12/19/2007 09:02 PM 11,033 pos2E9.tmp
12/19/2007 09:02 PM 7,033 pos2EA.tmp
12/19/2007 09:02 PM 8,033 pos2EB.tmp
12/19/2007 09:02 PM 13,033 pos2EC.tmp
12/19/2007 09:02 PM 14,033 pos2ED.tmp
12/19/2007 09:02 PM 10,033 pos2EE.tmp
12/19/2007 09:02 PM 5,033 pos2EF.tmp
12/19/2007 08:12 PM 12,033 pos2F.tmp
12/19/2007 09:02 PM 6,033 pos2F0.tmp
12/19/2007 09:02 PM 6,033 pos2F1.tmp
12/19/2007 09:02 PM 8,033 pos2F2.tmp
12/19/2007 09:02 PM 8,033 pos2F3.tmp
12/19/2007 09:02 PM 7,033 pos2F4.tmp
12/19/2007 09:02 PM 8,033 pos2F5.tmp
12/19/2007 09:02 PM 14,033 pos2F6.tmp
12/19/2007 09:02 PM 12,033 pos2F7.tmp
12/19/2007 09:02 PM 6,033 pos2F8.tmp
12/19/2007 09:02 PM 13,033 pos2F9.tmp
12/19/2007 09:02 PM 12,033 pos2FA.tmp
12/19/2007 09:02 PM 14,033 pos2FB.tmp
12/19/2007 09:02 PM 14,033 pos2FC.tmp
12/19/2007 09:02 PM 6,033 pos2FD.tmp
12/19/2007 09:02 PM 5,033 pos2FE.tmp
12/19/2007 09:02 PM 13,033 pos2FF.tmp
12/19/2007 09:01 PM 7,033 pos3.tmp
12/19/2007 08:12 PM 6,033 pos30.tmp
12/19/2007 09:02 PM 11,033 pos300.tmp
12/19/2007 09:02 PM 5,033 pos301.tmp
12/19/2007 09:02 PM 13,033 pos302.tmp
12/19/2007 09:02 PM 6,033 pos303.tmp
12/19/2007 09:02 PM 13,033 pos304.tmp
12/19/2007 09:02 PM 5,033 pos305.tmp
12/19/2007 09:02 PM 6,033 pos306.tmp
12/19/2007 09:02 PM 11,033 pos307.tmp
12/19/2007 09:02 PM 14,033 pos308.tmp
12/19/2007 09:02 PM 13,033 pos309.tmp
12/19/2007 09:02 PM 7,033 pos30A.tmp
12/19/2007 09:02 PM 6,033 pos30B.tmp
12/19/2007 09:02 PM 10,033 pos30C.tmp
12/19/2007 09:02 PM 9,033 pos30D.tmp
12/19/2007 09:02 PM 12,033 pos30E.tmp
12/19/2007 09:02 PM 13,033 pos30F.tmp
12/19/2007 08:12 PM 6,033 pos31.tmp
12/19/2007 09:02 PM 11,033 pos310.tmp
12/19/2007 09:02 PM 12,033 pos311.tmp
12/19/2007 09:02 PM 7,033 pos312.tmp
12/19/2007 09:02 PM 8,033 pos313.tmp
12/19/2007 09:02 PM 8,033 pos314.tmp
12/19/2007 09:02 PM 8,033 pos315.tmp
12/20/2007 11:21 AM 11,033 pos316.tmp
12/20/2007 11:21 AM 6,033 pos317.tmp
12/20/2007 11:21 AM 6,033 pos318.tmp
12/20/2007 11:21 AM 8,033 pos319.tmp
12/20/2007 11:21 AM 7,033 pos31A.tmp
12/20/2007 11:21 AM 7,033 pos31B.tmp
12/20/2007 11:21 AM 5,033 pos31C.tmp
12/20/2007 11:21 AM 8,033 pos31D.tmp
12/20/2007 11:21 AM 11,033 pos31E.tmp
12/20/2007 11:21 AM 12,033 pos31F.tmp
12/19/2007 08:12 PM 8,033 pos32.tmp
12/19/2007 09:02 PM 5,033 pos320.tmp
12/19/2007 09:02 PM 7,033 pos321.tmp
12/19/2007 09:02 PM 5,033 pos322.tmp
12/19/2007 09:02 PM 9,033 pos323.tmp
12/19/2007 09:02 PM 9,033 pos324.tmp
12/19/2007 09:02 PM 12,033 pos325.tmp
12/19/2007 09:02 PM 9,033 pos326.tmp
12/19/2007 09:02 PM 5,033 pos327.tmp
12/19/2007 09:02 PM 6,033 pos328.tmp
12/19/2007 09:02 PM 7,033 pos329.tmp
12/19/2007 09:02 PM 12,033 pos32A.tmp
12/19/2007 09:02 PM 10,033 pos32B.tmp
12/19/2007 09:02 PM 14,033 pos32C.tmp
12/19/2007 09:02 PM 5,033 pos32D.tmp
12/19/2007 09:02 PM 12,033 pos32E.tmp
12/19/2007 09:02 PM 12,033 pos32F.tmp
12/19/2007 08:12 PM 13,033 pos33.tmp
12/19/2007 09:02 PM 8,033 pos330.tmp
12/19/2007 09:02 PM 11,033 pos331.tmp
12/19/2007 09:02 PM 10,033 pos332.tmp
12/19/2007 09:02 PM 8,033 pos333.tmp
12/19/2007 09:02 PM 9,033 pos334.tmp
12/19/2007 09:02 PM 12,033 pos335.tmp
12/19/2007 09:02 PM 10,033 pos336.tmp
12/19/2007 09:02 PM 7,033 pos337.tmp
12/19/2007 09:02 PM 12,033 pos338.tmp
12/19/2007 09:02 PM 12,033 pos339.tmp
12/19/2007 09:02 PM 9,033 pos33A.tmp
12/19/2007 09:02 PM 7,033 pos33B.tmp
12/19/2007 09:02 PM 9,033 pos33C.tmp
12/19/2007 09:02 PM 7,033 pos33D.tmp
12/19/2007 09:02 PM 6,033 pos33E.tmp
12/19/2007 09:02 PM 10,033 pos33F.tmp
12/19/2007 08:12 PM 6,033 pos34.tmp
12/19/2007 09:02 PM 6,033 pos340.tmp
12/19/2007 09:02 PM 5,033 pos341.tmp
12/19/2007 09:02 PM 11,033 pos342.tmp
12/19/2007 09:02 PM 13,033 pos343.tmp
12/19/2007 09:02 PM 13,033 pos344.tmp
12/19/2007 09:02 PM 6,033 pos345.tmp
12/19/2007 09:02 PM 7,033 pos346.tmp
12/19/2007 09:02 PM 11,033 pos347.tmp
12/19/2007 09:02 PM 6,033 pos348.tmp
12/19/2007 09:02 PM 11,033 pos349.tmp
12/19/2007 09:02 PM 10,033 pos34A.tmp
12/19/2007 09:02 PM 5,033 pos34B.tmp
12/19/2007 09:02 PM 6,033 pos34C.tmp
12/19/2007 09:02 PM 14,033 pos34D.tmp
12/19/2007 09:02 PM 14,033 pos34E.tmp
12/19/2007 09:02 PM 7,033 pos34F.tmp
12/19/2007 08:12 PM 13,033 pos35.tmp
12/19/2007 09:02 PM 6,033 pos350.tmp
12/19/2007 09:02 PM 14,033 pos351.tmp
12/19/2007 09:02 PM 14,033 pos352.tmp
12/19/2007 09:02 PM 13,033 pos353.tmp
12/19/2007 09:02 PM 9,033 pos354.tmp
12/19/2007 09:02 PM 12,033 pos355.tmp
12/19/2007 09:02 PM 11,033 pos356.tmp
12/19/2007 09:02 PM 11,033 pos357.tmp
12/19/2007 09:02 PM 10,033 pos358.tmp
12/19/2007 09:02 PM 8,033 pos359.tmp
12/19/2007 09:02 PM 12,033 pos35A.tmp
12/19/2007 09:02 PM 14,033 pos35B.tmp
12/19/2007 09:02 PM 8,033 pos35C.tmp
12/19/2007 09:02 PM 13,033 pos35D.tmp
12/19/2007 09:02 PM 6,033 pos35E.tmp
12/19/2007 09:02 PM 7,033 pos35F.tmp
12/19/2007 08:12 PM 6,033 pos36.tmp
12/19/2007 09:02 PM 13,033 pos360.tmp
12/19/2007 09:02 PM 8,033 pos361.tmp
12/19/2007 09:02 PM 11,033 pos362.tmp
12/19/2007 09:02 PM 13,033 pos363.tmp
12/19/2007 09:02 PM 11,033 pos364.tmp
12/19/2007 09:02 PM 9,033 pos365.tmp
12/19/2007 09:02 PM 8,033 pos366.tmp
12/19/2007 09:02 PM 13,033 pos367.tmp
12/19/2007 09:02 PM 7,033 pos368.tmp
12/19/2007 09:02 PM 13,033 pos369.tmp
12/19/2007 09:02 PM 13,033 pos36A.tmp
12/19/2007 09:02 PM 6,033 pos36B.tmp
12/19/2007 09:02 PM 10,033 pos36C.tmp
12/19/2007 09:02 PM 8,033 pos36D.tmp
12/19/2007 09:02 PM 10,033 pos36E.tmp
12/19/2007 09:02 PM 9,033 pos36F.tmp
12/19/2007 08:12 PM 13,033 pos37.tmp
12/19/2007 09:02 PM 12,033 pos370.tmp
12/19/2007 09:02 PM 10,033 pos371.tmp
12/19/2007 09:02 PM 9,033 pos372.tmp
12/19/2007 09:02 PM 5,033 pos373.tmp
12/19/2007 09:02 PM 10,033 pos374.tmp
12/19/2007 09:02 PM 13,033 pos375.tmp
12/19/2007 09:02 PM 10,033 pos376.tmp
12/19/2007 09:02 PM 6,033 pos377.tmp
12/19/2007 09:02 PM 8,033 pos378.tmp
12/19/2007 09:02 PM 9,033 pos379.tmp
12/19/2007 09:02 PM 6,033 pos37A.tmp
12/19/2007 09:02 PM 12,033 pos37B.tmp
12/19/2007 09:02 PM 6,033 pos37C.tmp
12/19/2007 09:02 PM 11,033 pos37D.tmp
12/19/2007 09:02 PM 10,033 pos37E.tmp
12/19/2007 09:02 PM 7,033 pos37F.tmp
12/19/2007 08:12 PM 14,033 pos38.tmp
12/19/2007 09:02 PM 14,033 pos380.tmp
12/19/2007 09:02 PM 11,033 pos381.tmp
12/19/2007 09:02 PM 5,033 pos382.tmp
12/19/2007 09:02 PM 8,033 pos383.tmp
12/19/2007 09:02 PM 10,033 pos384.tmp
12/19/2007 09:02 PM 13,033 pos385.tmp
12/19/2007 09:02 PM 10,033 pos386.tmp
12/19/2007 09:02 PM 6,033 pos387.tmp
12/19/2007 09:02 PM 13,033 pos388.tmp
12/19/2007 09:02 PM 11,033 pos389.tmp
12/19/2007 09:02 PM 11,033 pos38A.tmp
12/19/2007 09:02 PM 13,033 pos38B.tmp
12/19/2007 09:02 PM 7,033 pos38C.tmp
12/19/2007 09:02 PM 7,033 pos38D.tmp
12/19/2007 09:02 PM 10,033 pos38E.tmp
12/19/2007 09:02 PM 14,033 pos38F.tmp
12/19/2007 08:13 PM 9,033 pos39.tmp
12/19/2007 09:02 PM 13,033 pos390.tmp
12/19/2007 09:02 PM 5,033 pos391.tmp
12/19/2007 09:02 PM 6,033 pos392.tmp
12/19/2007 09:02 PM 12,033 pos393.tmp
12/19/2007 09:02 PM 9,033 pos394.tmp
12/19/2007 09:02 PM 13,033 pos395.tmp
12/19/2007 09:02 PM 11,033 pos396.tmp
12/19/2007 09:02 PM 13,033 pos397.tmp
12/19/2007 09:02 PM 13,033 pos398.tmp
12/19/2007 09:02 PM 13,033 pos399.tmp
12/19/2007 09:02 PM 7,033 pos39A.tmp
12/19/2007 09:02 PM 8,033 pos39B.tmp
12/19/2007 09:02 PM 14,033 pos39C.tmp
12/19/2007 09:02 PM 6,033 pos39D.tmp
12/19/2007 09:02 PM 6,033 pos39E.tmp
12/19/2007 09:02 PM 9,033 pos39F.tmp
12/19/2007 08:13 PM 5,033 pos3A.tmp
12/19/2007 09:02 PM 6,033 pos3A0.tmp
12/19/2007 09:02 PM 9,033 pos3A1.tmp
12/19/2007 09:02 PM 6,033 pos3A2.tmp
12/19/2007 09:02 PM 13,033 pos3A3.tmp
12/19/2007 09:02 PM 9,033 pos3A4.tmp
12/19/2007 09:02 PM 8,033 pos3A5.tmp
12/19/2007 09:02 PM 5,033 pos3A6.tmp
12/19/2007 09:02 PM 14,033 pos3A7.tmp
12/19/2007 09:02 PM 12,033 pos3A8.tmp
12/19/2007 09:02 PM 11,033 pos3A9.tmp
12/19/2007 09:02 PM 12,033 pos3AA.tmp
12/19/2007 09:02 PM 8,033 pos3AB.tmp
12/19/2007 09:02 PM 13,033 pos3AC.tmp
12/19/2007 09:02 PM 5,033 pos3AD.tmp
12/19/2007 09:02 PM 12,033 pos3AE.tmp
12/19/2007 09:02 PM 12,033 pos3AF.tmp
12/19/2007 08:13 PM 14,033 pos3B.tmp
12/19/2007 09:02 PM 10,033 pos3B0.tmp
12/19/2007 09:02 PM 10,033 pos3B1.tmp
12/19/2007 09:02 PM 8,033 pos3B2.tmp
12/19/2007 09:02 PM 13,033 pos3B3.tmp
12/19/2007 09:02 PM 6,033 pos3B4.tmp
12/19/2007 09:02 PM 8,033 pos3B5.tmp
12/19/2007 09:02 PM 8,033 pos3B6.tmp
12/19/2007 09:02 PM 10,033 pos3B7.tmp
12/19/2007 09:02 PM 7,033 pos3B8.tmp
12/19/2007 09:02 PM 11,033 pos3B9.tmp
12/19/2007 09:02 PM 6,033 pos3BA.tmp
12/19/2007 09:02 PM 9,033 pos3BB.tmp
12/19/2007 09:02 PM 6,033 pos3BC.tmp
12/19/2007 09:02 PM 5,033 pos3BD.tmp
12/19/2007 09:02 PM 11,033 pos3BE.tmp
12/19/2007 09:02 PM 12,033 pos3BF.tmp
12/19/2007 08:13 PM 12,033 pos3C.tmp
12/19/2007 09:02 PM 5,033 pos3C0.tmp
12/19/2007 09:02 PM 14,033 pos3C1.tmp
12/19/2007 09:02 PM 6,033 pos3C2.tmp
12/19/2007 09:02 PM 8,033 pos3C3.tmp
12/19/2007 09:02 PM 8,033 pos3C4.tmp
12/19/2007 09:02 PM 6,033 pos3C5.tmp
12/19/2007 09:02 PM 11,033 pos3C6.tmp
12/19/2007 09:02 PM 11,033 pos3C7.tmp
12/19/2007 09:02 PM 13,033 pos3C8.tmp
12/19/2007 09:02 PM 11,033 pos3C9.tmp
12/19/2007 09:02 PM 9,033 pos3CA.tmp
12/19/2007 09:02 PM 9,033 pos3CB.tmp
12/19/2007 09:02 PM 9,033 pos3CC.tmp
12/19/2007 09:02 PM 8,033 pos3CD.tmp
12/19/2007 09:02 PM 14,033 pos3CE.tmp
12/19/2007 09:02 PM 9,033 pos3CF.tmp
12/19/2007 08:13 PM 10,033 pos3D.tmp
12/19/2007 09:02 PM 5,033 pos3D0.tmp
12/19/2007 09:02 PM 11,033 pos3D1.tmp
12/19/2007 09:02 PM 11,033 pos3D2.tmp
12/19/2007 09:02 PM 10,033 pos3D3.tmp
12/19/2007 09:02 PM 6,033 pos3D4.tmp
12/19/2007 09:02 PM 6,033 pos3D5.tmp
12/19/2007 09:02 PM 8,033 pos3D6.tmp
12/19/2007 09:02 PM 9,033 pos3D7.tmp
12/19/2007 09:02 PM 8,033 pos3D8.tmp
12/19/2007 09:02 PM 14,033 pos3D9.tmp
12/19/2007 09:02 PM 10,033 pos3DA.tmp
12/19/2007 09:02 PM 13,033 pos3DB.tmp
12/19/2007 09:02 PM 10,033 pos3DC.tmp
12/19/2007 09:02 PM 6,033 pos3DD.tmp
12/19/2007 09:02 PM 11,033 pos3DE.tmp
12/19/2007 08:13 PM 7,033 pos3E.tmp
12/19/2007 09:02 PM 11,033 pos3E0.tmp
12/19/2007 09:02 PM 13,033 pos3E1.tmp
12/19/2007 09:02 PM 5,033 pos3E2.tmp
12/19/2007 09:02 PM 7,033 pos3E3.tmp
12/19/2007 09:02 PM 7,033 pos3E4.tmp
12/19/2007 09:02 PM 13,033 pos3E5.tmp
12/19/2007 09:02 PM 9,033 pos3E6.tmp
12/19/2007 09:02 PM 12,033 pos3E7.tmp
12/19/2007 09:02 PM 9,033 pos3E8.tmp
12/21/2007 01:53 PM 10,033 pos3E9.tmp
12/21/2007 01:53 PM 5,033 pos3EA.tmp
12/21/2007 01:53 PM 8,033 pos3EB.tmp
12/21/2007 01:53 PM 14,033 pos3EC.tmp
12/21/2007 01:53 PM 10,033 pos3ED.tmp
12/21/2007 01:53 PM 13,033 pos3EE.tmp
12/21/2007 01:53 PM 10,033 pos3EF.tmp
12/19/2007 08:13 PM 11,033 pos3F.tmp
12/21/2007 01:53 PM 6,033 pos3F0.tmp
12/21/2007 01:53 PM 12,033 pos3F1.tmp
12/21/2007 01:53 PM 8,033 pos3F2.tmp
12/21/2007 01:53 PM 14,033 pos3F3.tmp
12/21/2007 01:53 PM 7,033 pos3F4.tmp
12/21/2007 01:53 PM 12,033 pos3F5.tmp
12/21/2007 01:53 PM 8,033 pos3F6.tmp
12/21/2007 01:53 PM 12,033 pos3F7.tmp
12/21/2007 01:53 PM 13,033 pos3F8.tmp
12/21/2007 01:53 PM 9,033 pos3F9.tmp
12/21/2007 01:53 PM 5,033 pos3FA.tmp
12/21/2007 01:53 PM 14,033 pos3FB.tmp
12/21/2007 01:53 PM 13,033 pos3FC.tmp
12/21/2007 01:53 PM 6,033 pos3FD.tmp
12/21/2007 01:53 PM 7,033 pos3FE.tmp
12/21/2007 01:53 PM 14,033 pos3FF.tmp
12/19/2007 09:01 PM 7,033 pos4.tmp
12/19/2007 08:13 PM 13,033 pos40.tmp
12/21/2007 01:53 PM 13,033 pos400.tmp
12/21/2007 01:53 PM 10,033 pos401.tmp
12/21/2007 01:53 PM 5,033 pos402.tmp
12/21/2007 01:53 PM 10,033 pos403.tmp
12/21/2007 01:53 PM 8,033 pos404.tmp
12/21/2007 01:53 PM 14,033 pos405.tmp
12/21/2007 01:53 PM 10,033 pos406.tmp
12/21/2007 01:53 PM 10,033 pos407.tmp
12/21/2007 01:53 PM 13,033 pos408.tmp
12/21/2007 01:53 PM 7,033 pos409.tmp
12/21/2007 01:53 PM 13,033 pos40A.tmp
12/21/2007 01:53 PM 14,033 pos40B.tmp
12/21/2007 01:53 PM 9,033 pos40C.tmp
12/21/2007 01:53 PM 9,033 pos40D.tmp
12/21/2007 01:53 PM 10,033 pos40E.tmp
12/21/2007 01:53 PM 6,033 pos40F.tmp

Wizit
2007-12-28, 02:25
12/19/2007 08:13 PM 7,033 pos41.tmp
12/21/2007 01:53 PM 7,033 pos410.tmp
12/21/2007 01:53 PM 11,033 pos411.tmp
12/21/2007 01:53 PM 11,033 pos412.tmp
12/21/2007 01:53 PM 5,033 pos413.tmp
12/21/2007 01:53 PM 11,033 pos414.tmp
12/21/2007 01:53 PM 6,033 pos415.tmp
12/21/2007 01:53 PM 12,033 pos416.tmp
12/21/2007 01:53 PM 14,033 pos417.tmp
12/21/2007 01:53 PM 10,033 pos418.tmp
12/21/2007 01:53 PM 12,033 pos419.tmp
12/21/2007 01:53 PM 9,033 pos41A.tmp
12/21/2007 01:53 PM 11,033 pos41B.tmp
12/21/2007 01:53 PM 10,033 pos41C.tmp
12/21/2007 01:53 PM 9,033 pos41D.tmp
12/21/2007 01:53 PM 12,033 pos41E.tmp
12/21/2007 01:53 PM 9,033 pos41F.tmp
12/19/2007 08:13 PM 12,033 pos42.tmp
12/21/2007 01:53 PM 13,033 pos420.tmp
12/21/2007 01:53 PM 14,033 pos421.tmp
12/21/2007 01:53 PM 12,033 pos422.tmp
12/21/2007 01:53 PM 13,033 pos423.tmp
12/21/2007 01:53 PM 8,033 pos424.tmp
12/21/2007 01:53 PM 7,033 pos425.tmp
12/21/2007 01:53 PM 10,033 pos426.tmp
12/21/2007 01:53 PM 8,033 pos427.tmp
12/21/2007 01:53 PM 8,033 pos428.tmp
12/21/2007 01:53 PM 7,033 pos429.tmp
12/21/2007 01:53 PM 8,033 pos42A.tmp
12/21/2007 01:53 PM 9,033 pos42B.tmp
12/21/2007 01:53 PM 12,033 pos42C.tmp
12/21/2007 01:53 PM 14,033 pos42D.tmp
12/21/2007 01:53 PM 6,033 pos42E.tmp
12/21/2007 01:53 PM 8,033 pos42F.tmp
12/21/2007 01:53 PM 9,033 pos430.tmp
12/21/2007 01:53 PM 10,033 pos431.tmp
12/21/2007 01:53 PM 7,033 pos432.tmp
12/21/2007 01:53 PM 8,033 pos433.tmp
12/21/2007 01:53 PM 5,033 pos434.tmp
12/21/2007 01:53 PM 11,033 pos435.tmp
12/21/2007 01:53 PM 12,033 pos436.tmp
12/21/2007 01:53 PM 5,033 pos437.tmp
12/21/2007 01:53 PM 7,033 pos438.tmp
12/21/2007 01:53 PM 9,033 pos439.tmp
12/21/2007 01:53 PM 7,033 pos43A.tmp
12/21/2007 01:53 PM 13,033 pos43B.tmp
12/21/2007 01:53 PM 12,033 pos43C.tmp
12/21/2007 01:53 PM 6,033 pos43D.tmp
12/21/2007 01:53 PM 5,033 pos43E.tmp
12/21/2007 01:53 PM 9,033 pos43F.tmp
12/19/2007 08:13 PM 11,033 pos44.tmp
12/21/2007 01:53 PM 9,033 pos440.tmp
12/21/2007 01:53 PM 9,033 pos441.tmp
12/21/2007 01:53 PM 12,033 pos442.tmp
12/21/2007 01:53 PM 11,033 pos443.tmp
12/21/2007 01:53 PM 14,033 pos444.tmp
12/21/2007 01:53 PM 6,033 pos445.tmp
12/21/2007 01:53 PM 7,033 pos446.tmp
12/21/2007 01:53 PM 14,033 pos447.tmp
12/21/2007 01:53 PM 5,033 pos448.tmp
12/21/2007 01:53 PM 13,033 pos449.tmp
12/21/2007 01:53 PM 13,033 pos44A.tmp
12/21/2007 01:53 PM 6,033 pos44B.tmp
12/21/2007 01:53 PM 5,033 pos44C.tmp
12/21/2007 01:53 PM 8,033 pos44D.tmp
12/21/2007 01:53 PM 13,033 pos44E.tmp
12/21/2007 01:53 PM 11,033 pos44F.tmp
12/19/2007 08:13 PM 8,033 pos45.tmp
12/21/2007 01:53 PM 12,033 pos450.tmp
12/21/2007 01:53 PM 11,033 pos451.tmp
12/21/2007 01:53 PM 13,033 pos452.tmp
12/21/2007 01:53 PM 14,033 pos453.tmp
12/21/2007 01:53 PM 5,033 pos454.tmp
12/21/2007 01:53 PM 7,033 pos455.tmp
12/21/2007 01:53 PM 5,033 pos456.tmp
12/21/2007 01:53 PM 9,033 pos457.tmp
12/21/2007 01:53 PM 12,033 pos458.tmp
12/21/2007 01:53 PM 13,033 pos459.tmp
12/21/2007 01:53 PM 7,033 pos45A.tmp
12/21/2007 01:53 PM 11,033 pos45B.tmp
12/21/2007 01:53 PM 14,033 pos45C.tmp
12/21/2007 01:53 PM 5,033 pos45D.tmp
12/21/2007 01:53 PM 5,033 pos45E.tmp
12/21/2007 01:53 PM 7,033 pos45F.tmp
12/19/2007 08:13 PM 6,033 pos46.tmp
12/21/2007 01:53 PM 10,033 pos460.tmp
12/21/2007 01:53 PM 12,033 pos461.tmp
12/21/2007 01:53 PM 10,033 pos462.tmp
12/21/2007 01:53 PM 6,033 pos463.tmp
12/21/2007 01:53 PM 8,033 pos464.tmp
12/21/2007 01:53 PM 12,033 pos465.tmp
12/21/2007 01:53 PM 8,033 pos466.tmp
12/21/2007 01:53 PM 8,033 pos467.tmp
12/21/2007 01:53 PM 13,033 pos468.tmp
12/21/2007 01:53 PM 11,033 pos469.tmp
12/21/2007 01:53 PM 7,033 pos46A.tmp
12/21/2007 01:53 PM 12,033 pos46B.tmp
12/21/2007 01:53 PM 9,033 pos46C.tmp
12/21/2007 01:53 PM 13,033 pos46D.tmp
12/21/2007 01:53 PM 8,033 pos46E.tmp
12/21/2007 01:53 PM 10,033 pos46F.tmp
12/19/2007 08:13 PM 10,033 pos47.tmp
12/21/2007 01:53 PM 7,033 pos470.tmp
12/21/2007 01:53 PM 12,033 pos471.tmp
12/21/2007 01:53 PM 9,033 pos472.tmp
12/21/2007 01:53 PM 5,033 pos473.tmp
12/21/2007 01:53 PM 9,033 pos474.tmp
12/21/2007 01:53 PM 14,033 pos475.tmp
12/21/2007 01:53 PM 8,033 pos476.tmp
12/21/2007 01:53 PM 12,033 pos477.tmp
12/21/2007 01:53 PM 7,033 pos478.tmp
12/21/2007 01:53 PM 6,033 pos479.tmp
12/21/2007 01:53 PM 8,033 pos47A.tmp
12/21/2007 01:53 PM 13,033 pos47B.tmp
12/21/2007 01:53 PM 12,033 pos47C.tmp
12/21/2007 01:53 PM 7,033 pos47D.tmp
12/21/2007 01:53 PM 11,033 pos47E.tmp
12/21/2007 01:53 PM 11,033 pos47F.tmp
12/19/2007 08:13 PM 12,033 pos48.tmp
12/21/2007 01:53 PM 12,033 pos480.tmp
12/21/2007 01:53 PM 12,033 pos481.tmp
12/21/2007 01:53 PM 5,033 pos482.tmp
12/21/2007 01:53 PM 13,033 pos483.tmp
12/21/2007 01:53 PM 14,033 pos484.tmp
12/21/2007 01:53 PM 8,033 pos485.tmp
12/21/2007 01:53 PM 10,033 pos486.tmp
12/21/2007 01:53 PM 8,033 pos487.tmp
12/21/2007 01:53 PM 8,033 pos488.tmp
12/21/2007 01:53 PM 7,033 pos489.tmp
12/21/2007 01:53 PM 5,033 pos48A.tmp
12/21/2007 01:53 PM 13,033 pos48B.tmp
12/21/2007 01:53 PM 6,033 pos48C.tmp
12/21/2007 01:53 PM 9,033 pos48D.tmp
12/21/2007 01:53 PM 6,033 pos48E.tmp
12/21/2007 01:53 PM 5,033 pos48F.tmp
12/19/2007 08:13 PM 12,033 pos49.tmp
12/21/2007 01:53 PM 8,033 pos490.tmp
12/21/2007 01:53 PM 13,033 pos491.tmp
12/21/2007 01:53 PM 6,033 pos492.tmp
12/21/2007 01:53 PM 5,033 pos493.tmp
12/21/2007 01:53 PM 6,033 pos494.tmp
12/21/2007 01:53 PM 11,033 pos495.tmp
12/21/2007 01:53 PM 13,033 pos496.tmp
12/21/2007 01:53 PM 10,033 pos497.tmp
12/21/2007 01:53 PM 9,033 pos498.tmp
12/21/2007 01:53 PM 7,033 pos499.tmp
12/21/2007 01:53 PM 11,033 pos49A.tmp
12/21/2007 01:53 PM 7,033 pos49B.tmp
12/21/2007 01:53 PM 14,033 pos49C.tmp
12/21/2007 01:53 PM 11,033 pos49D.tmp
12/21/2007 01:53 PM 8,033 pos49E.tmp
12/21/2007 01:53 PM 7,033 pos49F.tmp
12/19/2007 08:13 PM 11,033 pos4A.tmp
12/21/2007 01:53 PM 10,033 pos4A0.tmp
12/21/2007 01:53 PM 5,033 pos4A1.tmp
12/21/2007 01:53 PM 14,033 pos4A2.tmp
12/21/2007 01:53 PM 5,033 pos4A3.tmp
12/21/2007 01:53 PM 6,033 pos4A4.tmp
12/21/2007 01:53 PM 6,033 pos4A5.tmp
12/21/2007 01:53 PM 10,033 pos4A6.tmp
12/21/2007 01:53 PM 5,033 pos4A7.tmp
12/21/2007 01:53 PM 11,033 pos4A8.tmp
12/21/2007 01:53 PM 8,033 pos4A9.tmp
12/21/2007 01:53 PM 10,033 pos4AA.tmp
12/21/2007 01:53 PM 10,033 pos4AB.tmp
12/21/2007 01:53 PM 9,033 pos4AC.tmp
12/21/2007 01:53 PM 13,033 pos4AD.tmp
12/21/2007 01:53 PM 12,033 pos4AE.tmp
12/21/2007 01:53 PM 11,033 pos4AF.tmp
12/19/2007 08:13 PM 12,033 pos4B.tmp
12/21/2007 01:53 PM 14,033 pos4B0.tmp
12/21/2007 01:53 PM 9,033 pos4B1.tmp
12/21/2007 01:53 PM 8,033 pos4B2.tmp
12/21/2007 01:53 PM 13,033 pos4B3.tmp
12/21/2007 01:53 PM 14,033 pos4B4.tmp
12/21/2007 01:53 PM 8,033 pos4B5.tmp
12/21/2007 01:53 PM 5,033 pos4B6.tmp
12/21/2007 01:53 PM 5,033 pos4B7.tmp
12/21/2007 01:53 PM 12,033 pos4B8.tmp
12/21/2007 01:53 PM 8,033 pos4B9.tmp
12/21/2007 01:53 PM 7,033 pos4BA.tmp
12/21/2007 01:53 PM 9,033 pos4BB.tmp
12/21/2007 01:53 PM 10,033 pos4BC.tmp
12/21/2007 01:53 PM 7,033 pos4BD.tmp
12/21/2007 01:53 PM 6,033 pos4BE.tmp
12/21/2007 01:53 PM 10,033 pos4BF.tmp
12/19/2007 08:13 PM 5,033 pos4C.tmp
12/21/2007 01:53 PM 6,033 pos4C0.tmp
12/21/2007 01:53 PM 9,033 pos4C1.tmp
12/21/2007 01:53 PM 10,033 pos4C2.tmp
12/21/2007 01:53 PM 7,033 pos4C3.tmp
12/21/2007 01:53 PM 13,033 pos4C4.tmp
12/21/2007 01:53 PM 10,033 pos4C5.tmp
12/21/2007 01:53 PM 5,033 pos4C6.tmp
12/21/2007 01:53 PM 8,033 pos4C7.tmp
12/21/2007 01:53 PM 6,033 pos4C8.tmp
12/21/2007 01:53 PM 10,033 pos4C9.tmp
12/21/2007 01:53 PM 5,033 pos4CA.tmp
12/21/2007 01:53 PM 10,033 pos4CB.tmp
12/21/2007 01:53 PM 13,033 pos4CC.tmp
12/21/2007 01:53 PM 7,033 pos4CD.tmp
12/21/2007 01:53 PM 7,033 pos4CE.tmp
12/21/2007 01:53 PM 5,033 pos4CF.tmp
12/19/2007 08:13 PM 14,033 pos4D.tmp
12/21/2007 01:53 PM 8,033 pos4D0.tmp
12/21/2007 01:53 PM 9,033 pos4D1.tmp
12/21/2007 01:53 PM 12,033 pos4D2.tmp
12/21/2007 01:53 PM 10,033 pos4D3.tmp
12/21/2007 01:53 PM 10,033 pos4D4.tmp
12/21/2007 01:53 PM 9,033 pos4D5.tmp
12/21/2007 01:53 PM 6,033 pos4D6.tmp
12/21/2007 01:53 PM 13,033 pos4D7.tmp
12/21/2007 01:53 PM 8,033 pos4D8.tmp
12/21/2007 01:53 PM 13,033 pos4D9.tmp
12/21/2007 01:53 PM 9,033 pos4DA.tmp
12/21/2007 01:53 PM 9,033 pos4DB.tmp
12/21/2007 01:53 PM 12,033 pos4DC.tmp
12/21/2007 01:53 PM 9,033 pos4DD.tmp
12/21/2007 01:53 PM 14,033 pos4DE.tmp
12/21/2007 01:53 PM 5,033 pos4DF.tmp
12/19/2007 08:13 PM 12,033 pos4E.tmp
12/21/2007 01:53 PM 13,033 pos4E0.tmp
12/21/2007 01:53 PM 12,033 pos4E1.tmp
12/21/2007 01:53 PM 10,033 pos4E2.tmp
12/21/2007 01:53 PM 5,033 pos4E3.tmp
12/21/2007 01:53 PM 7,033 pos4E4.tmp
12/21/2007 01:53 PM 13,033 pos4E5.tmp
12/21/2007 01:53 PM 8,033 pos4E6.tmp
12/21/2007 01:53 PM 12,033 pos4E7.tmp
12/21/2007 01:53 PM 12,033 pos4E8.tmp
12/21/2007 01:53 PM 8,033 pos4E9.tmp
12/21/2007 01:53 PM 8,033 pos4EA.tmp
12/21/2007 01:53 PM 5,033 pos4EB.tmp
12/21/2007 01:53 PM 6,033 pos4EC.tmp
12/21/2007 01:53 PM 11,033 pos4ED.tmp
12/21/2007 01:53 PM 14,033 pos4EE.tmp
12/21/2007 01:53 PM 11,033 pos4EF.tmp
12/19/2007 08:13 PM 14,033 pos4F.tmp
12/21/2007 01:53 PM 10,033 pos4F0.tmp
12/21/2007 01:53 PM 12,033 pos4F1.tmp
12/21/2007 01:53 PM 12,033 pos4F2.tmp
12/21/2007 01:53 PM 8,033 pos4F3.tmp
12/21/2007 01:53 PM 11,033 pos4F4.tmp
12/21/2007 01:53 PM 11,033 pos4F5.tmp
12/21/2007 01:53 PM 10,033 pos4F6.tmp
12/21/2007 01:53 PM 8,033 pos4F7.tmp
12/21/2007 01:53 PM 5,033 pos4F8.tmp
12/21/2007 01:53 PM 9,033 pos4F9.tmp
12/21/2007 01:53 PM 13,033 pos4FB.tmp
12/21/2007 01:53 PM 10,033 pos4FC.tmp
12/21/2007 01:53 PM 7,033 pos4FD.tmp
12/21/2007 01:53 PM 10,033 pos4FE.tmp
12/21/2007 01:54 PM 7,033 pos4FF.tmp
12/19/2007 09:01 PM 9,033 pos5.tmp
12/19/2007 08:13 PM 9,033 pos50.tmp
12/21/2007 01:54 PM 5,033 pos500.tmp
12/21/2007 01:54 PM 11,033 pos501.tmp
12/21/2007 01:54 PM 8,033 pos502.tmp
12/21/2007 01:54 PM 7,033 pos503.tmp
12/21/2007 01:54 PM 12,033 pos504.tmp
12/21/2007 01:54 PM 9,033 pos505.tmp
12/21/2007 01:54 PM 12,033 pos506.tmp
12/21/2007 01:54 PM 7,033 pos507.tmp
12/21/2007 01:54 PM 10,033 pos508.tmp
12/21/2007 01:54 PM 14,033 pos509.tmp
12/21/2007 01:54 PM 10,033 pos50A.tmp
12/21/2007 01:54 PM 8,033 pos50B.tmp
12/21/2007 01:54 PM 7,033 pos50C.tmp
12/21/2007 01:54 PM 5,033 pos50D.tmp
12/21/2007 01:54 PM 14,033 pos50E.tmp
12/21/2007 01:54 PM 6,033 pos50F.tmp
12/19/2007 08:13 PM 11,033 pos51.tmp
12/21/2007 01:54 PM 6,033 pos510.tmp
12/21/2007 01:54 PM 14,033 pos511.tmp
12/21/2007 01:54 PM 9,033 pos512.tmp
12/21/2007 01:54 PM 8,033 pos513.tmp
12/21/2007 01:54 PM 9,033 pos514.tmp
12/21/2007 01:54 PM 9,033 pos515.tmp
12/21/2007 01:54 PM 14,033 pos516.tmp
12/21/2007 01:54 PM 12,033 pos517.tmp
12/21/2007 01:54 PM 7,033 pos518.tmp
12/21/2007 01:54 PM 14,033 pos519.tmp
12/21/2007 01:54 PM 5,033 pos51A.tmp
12/21/2007 01:54 PM 13,033 pos51B.tmp
12/21/2007 01:54 PM 13,033 pos51C.tmp
12/21/2007 01:54 PM 10,033 pos51D.tmp
12/21/2007 01:54 PM 6,033 pos51E.tmp
12/21/2007 01:54 PM 9,033 pos51F.tmp
12/19/2007 08:13 PM 14,033 pos52.tmp
12/21/2007 01:54 PM 12,033 pos520.tmp
12/21/2007 01:54 PM 8,033 pos521.tmp
12/21/2007 01:54 PM 5,033 pos522.tmp
12/21/2007 01:54 PM 13,033 pos523.tmp
12/21/2007 01:54 PM 6,033 pos524.tmp
12/21/2007 01:54 PM 14,033 pos525.tmp
12/21/2007 01:54 PM 5,033 pos526.tmp
12/21/2007 01:54 PM 8,033 pos527.tmp
12/21/2007 01:54 PM 7,033 pos528.tmp
12/21/2007 01:54 PM 12,033 pos529.tmp
12/21/2007 01:54 PM 8,033 pos52A.tmp
12/21/2007 01:54 PM 10,033 pos52B.tmp
12/21/2007 01:54 PM 14,033 pos52C.tmp
12/21/2007 01:54 PM 6,033 pos52D.tmp
12/21/2007 01:54 PM 10,033 pos52E.tmp
12/21/2007 01:54 PM 9,033 pos52F.tmp
12/19/2007 08:13 PM 7,033 pos53.tmp
12/21/2007 01:54 PM 12,033 pos530.tmp
12/21/2007 01:54 PM 6,033 pos531.tmp
12/21/2007 01:54 PM 6,033 pos532.tmp
12/21/2007 01:54 PM 13,033 pos533.tmp
12/21/2007 01:54 PM 14,033 pos534.tmp
12/21/2007 01:54 PM 11,033 pos535.tmp
12/21/2007 01:54 PM 13,033 pos536.tmp
12/21/2007 01:54 PM 6,033 pos537.tmp
12/21/2007 01:54 PM 14,033 pos538.tmp
12/21/2007 01:54 PM 7,033 pos539.tmp
12/21/2007 01:54 PM 8,033 pos53A.tmp
12/21/2007 01:54 PM 9,033 pos53B.tmp
12/21/2007 01:54 PM 11,033 pos53C.tmp
12/21/2007 01:54 PM 12,033 pos53D.tmp
12/21/2007 01:54 PM 5,033 pos53E.tmp
12/21/2007 01:54 PM 9,033 pos53F.tmp
12/19/2007 08:13 PM 5,033 pos54.tmp

Wizit
2007-12-28, 02:26
12/21/2007 01:54 PM 10,033 pos540.tmp
12/21/2007 01:54 PM 11,033 pos541.tmp
12/21/2007 01:54 PM 13,033 pos542.tmp
12/21/2007 01:54 PM 10,033 pos543.tmp
12/21/2007 01:54 PM 5,033 pos544.tmp
12/21/2007 01:54 PM 7,033 pos545.tmp
12/21/2007 01:54 PM 12,033 pos546.tmp
12/21/2007 01:54 PM 12,033 pos547.tmp
12/21/2007 01:54 PM 14,033 pos548.tmp
12/21/2007 01:54 PM 11,033 pos549.tmp
12/21/2007 01:54 PM 13,033 pos54A.tmp
12/21/2007 01:54 PM 7,033 pos54B.tmp
12/21/2007 01:54 PM 10,033 pos54C.tmp
12/21/2007 01:54 PM 5,033 pos54D.tmp
12/21/2007 01:54 PM 6,033 pos54E.tmp
12/21/2007 01:54 PM 10,033 pos54F.tmp
12/19/2007 08:13 PM 9,033 pos55.tmp
12/21/2007 01:54 PM 12,033 pos550.tmp
12/21/2007 01:54 PM 6,033 pos551.tmp
12/21/2007 01:54 PM 9,033 pos552.tmp
12/21/2007 01:54 PM 9,033 pos553.tmp
12/21/2007 01:54 PM 8,033 pos554.tmp
12/21/2007 01:54 PM 13,033 pos555.tmp
12/21/2007 01:54 PM 11,033 pos556.tmp
12/21/2007 01:54 PM 5,033 pos557.tmp
12/21/2007 01:54 PM 6,033 pos558.tmp
12/21/2007 01:54 PM 12,033 pos559.tmp
12/21/2007 01:54 PM 12,033 pos55A.tmp
12/21/2007 01:54 PM 5,033 pos55B.tmp
12/21/2007 01:54 PM 13,033 pos55C.tmp
12/21/2007 01:54 PM 5,033 pos55D.tmp
12/21/2007 01:54 PM 8,033 pos55E.tmp
12/21/2007 01:54 PM 9,033 pos55F.tmp
12/19/2007 08:13 PM 7,033 pos56.tmp
12/21/2007 01:54 PM 6,033 pos560.tmp
12/21/2007 01:54 PM 7,033 pos561.tmp
12/21/2007 01:54 PM 14,033 pos562.tmp
12/21/2007 01:54 PM 13,033 pos563.tmp
12/21/2007 01:54 PM 7,033 pos564.tmp
12/21/2007 01:54 PM 10,033 pos565.tmp
12/21/2007 01:54 PM 10,033 pos566.tmp
12/21/2007 01:54 PM 5,033 pos567.tmp
12/21/2007 01:54 PM 7,033 pos568.tmp
12/21/2007 01:54 PM 7,033 pos569.tmp
12/21/2007 01:54 PM 8,033 pos56A.tmp
12/21/2007 01:54 PM 6,033 pos56B.tmp
12/21/2007 01:54 PM 7,033 pos56C.tmp
12/21/2007 01:54 PM 12,033 pos56D.tmp
12/21/2007 01:54 PM 5,033 pos56E.tmp
12/21/2007 01:54 PM 7,033 pos56F.tmp
12/19/2007 08:13 PM 12,033 pos57.tmp
12/21/2007 01:54 PM 7,033 pos570.tmp
12/21/2007 01:54 PM 14,033 pos571.tmp
12/21/2007 01:54 PM 11,033 pos572.tmp
12/21/2007 01:54 PM 11,033 pos573.tmp
12/21/2007 01:54 PM 11,033 pos574.tmp
12/21/2007 01:54 PM 13,033 pos575.tmp
12/21/2007 01:54 PM 9,033 pos576.tmp
12/21/2007 01:54 PM 10,033 pos577.tmp
12/21/2007 01:54 PM 13,033 pos578.tmp
12/21/2007 01:54 PM 13,033 pos579.tmp
12/21/2007 01:54 PM 11,033 pos57A.tmp
12/21/2007 01:54 PM 12,033 pos57B.tmp
12/21/2007 01:54 PM 10,033 pos57C.tmp
12/21/2007 01:54 PM 10,033 pos57D.tmp
12/21/2007 01:54 PM 7,033 pos57E.tmp
12/21/2007 01:54 PM 6,033 pos57F.tmp
12/19/2007 08:13 PM 9,033 pos58.tmp
12/21/2007 01:54 PM 12,033 pos580.tmp
12/21/2007 01:54 PM 5,033 pos581.tmp
12/21/2007 01:54 PM 5,033 pos582.tmp
12/21/2007 01:54 PM 9,033 pos583.tmp
12/21/2007 01:54 PM 14,033 pos584.tmp
12/21/2007 01:54 PM 10,033 pos585.tmp
12/21/2007 01:54 PM 6,033 pos586.tmp
12/21/2007 01:54 PM 14,033 pos587.tmp
12/21/2007 01:54 PM 9,033 pos588.tmp
12/21/2007 01:54 PM 12,033 pos589.tmp
12/21/2007 01:54 PM 12,033 pos58A.tmp
12/21/2007 01:54 PM 8,033 pos58B.tmp
12/21/2007 01:54 PM 11,033 pos58C.tmp
12/21/2007 01:54 PM 5,033 pos58D.tmp
12/21/2007 01:54 PM 9,033 pos58E.tmp
12/21/2007 01:54 PM 5,033 pos58F.tmp
12/19/2007 08:13 PM 6,033 pos59.tmp
12/21/2007 01:54 PM 6,033 pos590.tmp
12/21/2007 01:54 PM 11,033 pos591.tmp
12/21/2007 01:54 PM 6,033 pos592.tmp
12/21/2007 01:54 PM 14,033 pos593.tmp
12/21/2007 01:54 PM 14,033 pos594.tmp
12/21/2007 01:54 PM 9,033 pos595.tmp
12/21/2007 01:54 PM 13,033 pos596.tmp
12/21/2007 01:54 PM 7,033 pos597.tmp
12/21/2007 01:54 PM 10,033 pos598.tmp
12/21/2007 01:54 PM 11,033 pos599.tmp
12/21/2007 01:54 PM 13,033 pos59A.tmp
12/21/2007 01:54 PM 9,033 pos59B.tmp
12/21/2007 01:54 PM 12,033 pos59C.tmp
12/21/2007 01:54 PM 12,033 pos59D.tmp
12/21/2007 01:54 PM 6,033 pos59E.tmp
12/21/2007 01:54 PM 9,033 pos59F.tmp
12/19/2007 09:01 PM 7,033 pos5A.tmp
12/21/2007 01:54 PM 9,033 pos5A0.tmp
12/21/2007 01:54 PM 11,033 pos5A1.tmp
12/21/2007 01:54 PM 11,033 pos5A2.tmp
12/21/2007 01:54 PM 5,033 pos5A3.tmp
12/21/2007 01:54 PM 11,033 pos5A4.tmp
12/21/2007 01:54 PM 9,033 pos5A5.tmp
12/21/2007 01:54 PM 11,033 pos5A6.tmp
12/21/2007 01:54 PM 9,033 pos5A7.tmp
12/21/2007 01:54 PM 6,033 pos5A8.tmp
12/21/2007 01:54 PM 13,033 pos5A9.tmp
12/21/2007 01:54 PM 10,033 pos5AA.tmp
12/21/2007 01:54 PM 7,033 pos5AB.tmp
12/21/2007 01:54 PM 8,033 pos5AC.tmp
12/21/2007 01:54 PM 8,033 pos5AD.tmp
12/21/2007 01:54 PM 12,033 pos5AE.tmp
12/21/2007 01:54 PM 9,033 pos5AF.tmp
12/19/2007 08:13 PM 7,033 pos5B.tmp
12/21/2007 01:54 PM 13,033 pos5B0.tmp
12/21/2007 01:54 PM 5,033 pos5B1.tmp
12/21/2007 01:54 PM 9,033 pos5B2.tmp
12/21/2007 01:54 PM 12,033 pos5B3.tmp
12/21/2007 01:54 PM 6,033 pos5B4.tmp
12/21/2007 01:54 PM 8,033 pos5B5.tmp
12/21/2007 01:54 PM 11,033 pos5B6.tmp
12/21/2007 01:54 PM 5,033 pos5B7.tmp
12/21/2007 01:54 PM 11,033 pos5B8.tmp
12/21/2007 01:54 PM 14,033 pos5B9.tmp
12/21/2007 01:54 PM 11,033 pos5BA.tmp
12/21/2007 01:54 PM 5,033 pos5BB.tmp
12/21/2007 01:54 PM 11,033 pos5BC.tmp
12/21/2007 01:54 PM 11,033 pos5BD.tmp
12/21/2007 01:54 PM 10,033 pos5BE.tmp
12/21/2007 01:54 PM 6,033 pos5BF.tmp
12/19/2007 08:13 PM 10,033 pos5C.tmp
12/21/2007 01:54 PM 8,033 pos5C0.tmp
12/21/2007 01:54 PM 9,033 pos5C1.tmp
12/21/2007 01:54 PM 14,033 pos5C2.tmp
12/21/2007 01:54 PM 5,033 pos5C3.tmp
12/21/2007 01:54 PM 14,033 pos5C4.tmp
12/21/2007 01:54 PM 7,033 pos5C5.tmp
12/21/2007 01:54 PM 9,033 pos5C6.tmp
12/21/2007 01:54 PM 11,033 pos5C7.tmp
12/21/2007 01:54 PM 7,033 pos5C8.tmp
12/21/2007 01:54 PM 7,033 pos5C9.tmp
12/21/2007 01:54 PM 14,033 pos5CA.tmp
12/21/2007 01:54 PM 7,033 pos5CB.tmp
12/21/2007 01:54 PM 14,033 pos5CC.tmp
12/21/2007 01:54 PM 8,033 pos5CD.tmp
12/21/2007 01:54 PM 13,033 pos5CE.tmp
12/21/2007 01:54 PM 6,033 pos5CF.tmp
12/19/2007 08:13 PM 6,033 pos5D.tmp
12/21/2007 01:54 PM 9,033 pos5D0.tmp
12/21/2007 01:54 PM 8,033 pos5D1.tmp
12/21/2007 01:54 PM 12,033 pos5D2.tmp
12/21/2007 01:54 PM 6,033 pos5D3.tmp
12/21/2007 01:54 PM 7,033 pos5D4.tmp
12/21/2007 01:54 PM 9,033 pos5D5.tmp
12/21/2007 01:54 PM 6,033 pos5D6.tmp
12/21/2007 01:54 PM 14,033 pos5D7.tmp
12/21/2007 01:54 PM 12,033 pos5D8.tmp
12/21/2007 01:54 PM 14,033 pos5D9.tmp
12/21/2007 01:54 PM 10,033 pos5DA.tmp
12/21/2007 01:54 PM 7,033 pos5DC.tmp
12/21/2007 04:00 PM 7,033 pos5DD.tmp
12/21/2007 04:00 PM 14,033 pos5DE.tmp
12/21/2007 04:00 PM 5,033 pos5DF.tmp
12/19/2007 08:13 PM 12,033 pos5E.tmp
12/21/2007 04:00 PM 12,033 pos5E0.tmp
12/21/2007 04:00 PM 9,033 pos5E1.tmp
12/21/2007 04:00 PM 8,033 pos5E2.tmp
12/21/2007 04:00 PM 7,033 pos5E3.tmp
12/21/2007 04:00 PM 12,033 pos5E4.tmp
12/21/2007 04:00 PM 12,033 pos5E5.tmp
12/21/2007 04:00 PM 13,033 pos5E6.tmp
12/21/2007 04:00 PM 13,033 pos5E7.tmp
12/21/2007 04:00 PM 7,033 pos5E8.tmp
12/21/2007 04:00 PM 11,033 pos5E9.tmp
12/21/2007 04:00 PM 5,033 pos5EA.tmp
12/21/2007 04:00 PM 14,033 pos5EB.tmp
12/21/2007 04:00 PM 8,033 pos5EC.tmp
12/21/2007 04:00 PM 11,033 pos5ED.tmp
12/21/2007 04:00 PM 8,033 pos5EE.tmp
12/21/2007 04:00 PM 13,033 pos5EF.tmp
12/19/2007 08:13 PM 7,033 pos5F.tmp
12/21/2007 04:00 PM 7,033 pos5F0.tmp
12/21/2007 04:00 PM 11,033 pos5F1.tmp
12/21/2007 04:00 PM 8,033 pos5F2.tmp
12/21/2007 04:00 PM 7,033 pos5F3.tmp
12/21/2007 04:00 PM 8,033 pos5F4.tmp
12/21/2007 04:00 PM 13,033 pos5F5.tmp
12/21/2007 04:00 PM 8,033 pos5F6.tmp
12/21/2007 04:00 PM 14,033 pos5F7.tmp
12/21/2007 04:00 PM 12,033 pos5F8.tmp
12/21/2007 04:00 PM 5,033 pos5F9.tmp
12/21/2007 04:00 PM 6,033 pos5FA.tmp
12/21/2007 04:00 PM 10,033 pos5FB.tmp
12/21/2007 04:00 PM 7,033 pos5FC.tmp
12/21/2007 04:00 PM 5,033 pos5FD.tmp
12/21/2007 04:00 PM 10,033 pos5FE.tmp
12/21/2007 04:00 PM 12,033 pos5FF.tmp
12/19/2007 09:01 PM 12,033 pos6.tmp
12/19/2007 08:13 PM 11,033 pos60.tmp
12/21/2007 04:00 PM 11,033 pos600.tmp
12/21/2007 04:00 PM 12,033 pos601.tmp
12/21/2007 04:00 PM 6,033 pos602.tmp
12/21/2007 04:00 PM 12,033 pos603.tmp
12/21/2007 04:00 PM 12,033 pos604.tmp
12/21/2007 04:00 PM 14,033 pos605.tmp
12/21/2007 04:00 PM 7,033 pos606.tmp
12/21/2007 04:00 PM 10,033 pos607.tmp
12/21/2007 04:00 PM 13,033 pos608.tmp
12/21/2007 04:00 PM 6,033 pos609.tmp
12/21/2007 04:00 PM 13,033 pos60A.tmp
12/21/2007 04:00 PM 6,033 pos60B.tmp
12/21/2007 04:00 PM 8,033 pos60C.tmp
12/21/2007 04:00 PM 14,033 pos60D.tmp
12/21/2007 04:00 PM 13,033 pos60E.tmp
12/21/2007 04:00 PM 8,033 pos60F.tmp
12/19/2007 08:13 PM 7,033 pos61.tmp
12/21/2007 04:00 PM 10,033 pos610.tmp
12/21/2007 04:00 PM 8,033 pos611.tmp
12/21/2007 04:00 PM 11,033 pos612.tmp
12/21/2007 04:00 PM 8,033 pos613.tmp
12/20/2007 03:56 PM 13,033 pos614.tmp
12/20/2007 03:56 PM 5,033 pos615.tmp
12/20/2007 03:56 PM 12,033 pos616.tmp
12/20/2007 03:56 PM 5,033 pos617.tmp
12/20/2007 03:56 PM 14,033 pos618.tmp
12/20/2007 03:56 PM 14,033 pos619.tmp
12/20/2007 03:56 PM 14,033 pos61A.tmp
12/20/2007 03:56 PM 13,033 pos61B.tmp
12/20/2007 03:56 PM 7,033 pos61C.tmp
12/20/2007 03:56 PM 9,033 pos61D.tmp
12/20/2007 03:56 PM 14,033 pos61E.tmp
12/20/2007 03:56 PM 9,033 pos61F.tmp
12/19/2007 08:13 PM 10,033 pos62.tmp
12/20/2007 03:56 PM 9,033 pos620.tmp
12/20/2007 03:56 PM 5,033 pos621.tmp
12/20/2007 03:56 PM 8,033 pos622.tmp
12/20/2007 03:56 PM 7,033 pos623.tmp
12/20/2007 03:56 PM 5,033 pos624.tmp
12/20/2007 03:56 PM 10,033 pos625.tmp
12/20/2007 03:56 PM 5,033 pos626.tmp
12/20/2007 03:56 PM 14,033 pos627.tmp
12/20/2007 03:56 PM 6,033 pos628.tmp
12/20/2007 03:56 PM 6,033 pos629.tmp
12/20/2007 03:56 PM 11,033 pos62A.tmp
12/20/2007 03:56 PM 12,033 pos62B.tmp
12/20/2007 03:56 PM 6,033 pos62C.tmp
12/20/2007 03:56 PM 8,033 pos62D.tmp
12/20/2007 03:56 PM 6,033 pos62E.tmp
12/20/2007 03:56 PM 10,033 pos62F.tmp
12/19/2007 08:13 PM 9,033 pos63.tmp
12/20/2007 03:56 PM 11,033 pos630.tmp
12/20/2007 03:56 PM 5,033 pos631.tmp
12/20/2007 03:56 PM 12,033 pos632.tmp
12/21/2007 01:23 PM 12,033 pos633.tmp
12/21/2007 01:23 PM 9,033 pos634.tmp
12/21/2007 01:23 PM 5,033 pos635.tmp
12/21/2007 01:23 PM 11,033 pos636.tmp
12/21/2007 01:23 PM 8,033 pos637.tmp
12/21/2007 01:23 PM 8,033 pos638.tmp
12/21/2007 01:23 PM 13,033 pos639.tmp
12/21/2007 01:23 PM 9,033 pos63A.tmp
12/21/2007 01:23 PM 8,033 pos63B.tmp
12/21/2007 01:23 PM 12,033 pos63C.tmp
12/21/2007 01:23 PM 8,033 pos63D.tmp
12/21/2007 01:23 PM 12,033 pos63E.tmp
12/21/2007 01:23 PM 11,033 pos63F.tmp
12/19/2007 08:13 PM 8,033 pos64.tmp
12/21/2007 01:23 PM 5,033 pos640.tmp
12/21/2007 01:23 PM 12,033 pos641.tmp
12/21/2007 04:00 PM 13,033 pos642.tmp
12/20/2007 03:56 PM 8,033 pos643.tmp
12/21/2007 04:00 PM 6,033 pos644.tmp
12/20/2007 03:56 PM 13,033 pos645.tmp
12/20/2007 03:56 PM 14,033 pos646.tmp
12/20/2007 03:56 PM 9,033 pos647.tmp
12/20/2007 03:56 PM 5,033 pos648.tmp
12/20/2007 03:56 PM 14,033 pos649.tmp
12/20/2007 03:56 PM 5,033 pos64A.tmp
12/20/2007 03:56 PM 8,033 pos64B.tmp
12/20/2007 03:56 PM 9,033 pos64C.tmp
12/20/2007 03:56 PM 5,033 pos64D.tmp
12/20/2007 03:56 PM 6,033 pos64E.tmp
12/20/2007 03:56 PM 14,033 pos64F.tmp
12/19/2007 08:13 PM 9,033 pos65.tmp
12/20/2007 03:56 PM 14,033 pos650.tmp
12/21/2007 01:23 PM 14,033 pos651.tmp
12/21/2007 01:23 PM 9,033 pos652.tmp
12/21/2007 01:23 PM 12,033 pos653.tmp
12/21/2007 01:23 PM 8,033 pos654.tmp
12/21/2007 01:23 PM 9,033 pos655.tmp
12/21/2007 01:23 PM 8,033 pos656.tmp
12/21/2007 01:23 PM 13,033 pos657.tmp
12/21/2007 01:23 PM 7,033 pos658.tmp
12/21/2007 04:00 PM 11,033 pos659.tmp
12/20/2007 03:56 PM 14,033 pos65A.tmp
12/21/2007 04:00 PM 12,033 pos65B.tmp
12/20/2007 03:56 PM 11,033 pos65C.tmp
12/20/2007 03:56 PM 8,033 pos65D.tmp
12/20/2007 03:56 PM 8,033 pos65E.tmp
12/20/2007 03:56 PM 12,033 pos65F.tmp
12/19/2007 08:13 PM 7,033 pos66.tmp
12/20/2007 03:56 PM 9,033 pos660.tmp
12/21/2007 01:23 PM 7,033 pos661.tmp
12/21/2007 01:23 PM 12,033 pos662.tmp
12/21/2007 01:23 PM 14,033 pos663.tmp
12/21/2007 01:23 PM 13,033 pos664.tmp
12/21/2007 01:23 PM 14,033 pos665.tmp
12/21/2007 01:23 PM 9,033 pos666.tmp
12/21/2007 01:23 PM 7,033 pos667.tmp
12/21/2007 01:23 PM 10,033 pos668.tmp
12/21/2007 01:23 PM 9,033 pos669.tmp
12/21/2007 01:23 PM 10,033 pos66A.tmp
12/21/2007 01:23 PM 8,033 pos66B.tmp
12/21/2007 01:23 PM 13,033 pos66C.tmp
12/21/2007 01:23 PM 6,033 pos66D.tmp
12/21/2007 04:00 PM 6,033 pos66E.tmp
12/20/2007 03:56 PM 10,033 pos66F.tmp
12/19/2007 08:13 PM 7,033 pos67.tmp
12/20/2007 03:56 PM 14,033 pos670.tmp
12/20/2007 03:56 PM 11,033 pos671.tmp
12/21/2007 04:00 PM 11,033 pos672.tmp
12/20/2007 03:56 PM 12,033 pos673.tmp
12/20/2007 03:56 PM 12,033 pos674.tmp
12/20/2007 03:56 PM 8,033 pos675.tmp
12/20/2007 03:56 PM 8,033 pos676.tmp
12/20/2007 03:56 PM 11,033 pos677.tmp
12/20/2007 03:56 PM 7,033 pos678.tmp
12/21/2007 01:23 PM 8,033 pos679.tmp
12/21/2007 01:23 PM 11,033 pos67A.tmp
12/21/2007 01:23 PM 8,033 pos67B.tmp
12/21/2007 01:23 PM 6,033 pos67C.tmp
12/21/2007 01:23 PM 10,033 pos67D.tmp
12/21/2007 01:23 PM 14,033 pos67E.tmp
12/21/2007 01:23 PM 14,033 pos67F.tmp
12/19/2007 08:13 PM 9,033 pos68.tmp
12/21/2007 01:23 PM 14,033 pos680.tmp
12/21/2007 01:23 PM 5,033 pos681.tmp
12/21/2007 01:23 PM 12,033 pos682.tmp
12/21/2007 01:23 PM 8,033 pos683.tmp
12/21/2007 04:00 PM 9,033 pos684.tmp
12/20/2007 03:56 PM 9,033 pos685.tmp
12/20/2007 03:56 PM 9,033 pos686.tmp
12/20/2007 03:56 PM 9,033 pos687.tmp
12/20/2007 03:56 PM 14,033 pos688.tmp
12/20/2007 03:56 PM 6,033 pos689.tmp
12/20/2007 03:56 PM 14,033 pos68A.tmp
12/20/2007 03:56 PM 11,033 pos68C.tmp
12/20/2007 03:56 PM 12,033 pos68D.tmp
12/20/2007 03:56 PM 12,033 pos68E.tmp
12/20/2007 03:56 PM 6,033 pos68F.tmp
12/19/2007 08:13 PM 7,033 pos69.tmp
12/20/2007 03:56 PM 12,033 pos690.tmp
12/20/2007 03:56 PM 11,033 pos691.tmp
12/20/2007 03:56 PM 7,033 pos692.tmp
12/20/2007 03:56 PM 6,033 pos693.tmp
12/20/2007 03:56 PM 12,033 pos694.tmp
12/20/2007 03:56 PM 9,033 pos695.tmp
12/20/2007 03:56 PM 9,033 pos696.tmp
12/20/2007 03:57 PM 9,033 pos697.tmp
12/20/2007 03:57 PM 5,033 pos698.tmp
12/20/2007 03:57 PM 9,033 pos699.tmp
12/21/2007 04:00 PM 6,033 pos69A.tmp
12/20/2007 03:57 PM 8,033 pos69B.tmp
12/20/2007 03:57 PM 8,033 pos69C.tmp
12/20/2007 03:57 PM 8,033 pos69D.tmp
12/20/2007 03:57 PM 5,033 pos69E.tmp
12/20/2007 03:57 PM 10,033 pos69F.tmp
12/19/2007 08:13 PM 6,033 pos6A.tmp

Wizit
2007-12-28, 02:27
12/20/2007 03:57 PM 10,033 pos6A0.tmp
12/20/2007 03:57 PM 11,033 pos6A1.tmp
12/20/2007 03:57 PM 9,033 pos6A2.tmp
12/20/2007 03:57 PM 7,033 pos6A3.tmp
12/20/2007 03:57 PM 9,033 pos6A4.tmp
12/20/2007 03:57 PM 11,033 pos6A5.tmp
12/20/2007 03:57 PM 5,033 pos6A6.tmp
12/20/2007 03:57 PM 13,033 pos6A7.tmp
12/20/2007 03:57 PM 13,033 pos6A8.tmp
12/21/2007 01:23 PM 12,033 pos6A9.tmp
12/21/2007 01:23 PM 11,033 pos6AA.tmp
12/21/2007 01:23 PM 5,033 pos6AB.tmp
12/21/2007 01:23 PM 8,033 pos6AC.tmp
12/21/2007 01:23 PM 12,033 pos6AD.tmp
12/21/2007 01:23 PM 7,033 pos6AE.tmp
12/21/2007 01:23 PM 8,033 pos6AF.tmp
12/19/2007 08:13 PM 11,033 pos6B.tmp
12/21/2007 01:23 PM 13,033 pos6B0.tmp
12/21/2007 01:23 PM 11,033 pos6B1.tmp
12/21/2007 01:23 PM 14,033 pos6B2.tmp
12/21/2007 01:23 PM 5,033 pos6B3.tmp
12/21/2007 04:00 PM 12,033 pos6B4.tmp
12/20/2007 03:57 PM 9,033 pos6B5.tmp
12/20/2007 03:57 PM 8,033 pos6B6.tmp
12/20/2007 03:57 PM 7,033 pos6B7.tmp
12/20/2007 03:57 PM 8,033 pos6B8.tmp
12/20/2007 03:57 PM 14,033 pos6B9.tmp
12/20/2007 03:57 PM 5,033 pos6BA.tmp
12/20/2007 03:57 PM 9,033 pos6BB.tmp
12/20/2007 03:57 PM 9,033 pos6BC.tmp
12/20/2007 03:57 PM 14,033 pos6BD.tmp
12/20/2007 03:57 PM 7,033 pos6BE.tmp
12/20/2007 03:57 PM 9,033 pos6BF.tmp
12/19/2007 08:13 PM 9,033 pos6C.tmp
12/20/2007 03:57 PM 8,033 pos6C0.tmp
12/20/2007 03:57 PM 6,033 pos6C1.tmp
12/20/2007 03:57 PM 9,033 pos6C2.tmp
12/20/2007 03:57 PM 7,033 pos6C3.tmp
12/20/2007 03:57 PM 7,033 pos6C4.tmp
12/20/2007 03:57 PM 14,033 pos6C5.tmp
12/21/2007 04:00 PM 10,033 pos6C6.tmp
12/20/2007 03:57 PM 8,033 pos6C7.tmp
12/20/2007 03:57 PM 5,033 pos6C8.tmp
12/20/2007 03:57 PM 10,033 pos6C9.tmp
12/20/2007 03:57 PM 5,033 pos6CA.tmp
12/20/2007 03:57 PM 14,033 pos6CB.tmp
12/20/2007 03:57 PM 13,033 pos6CC.tmp
12/20/2007 03:57 PM 6,033 pos6CD.tmp
12/20/2007 03:57 PM 13,033 pos6CE.tmp
12/20/2007 03:57 PM 12,033 pos6CF.tmp
12/19/2007 08:13 PM 5,033 pos6D.tmp
12/20/2007 03:57 PM 9,033 pos6D0.tmp
12/21/2007 01:23 PM 14,033 pos6D1.tmp
12/21/2007 01:23 PM 9,033 pos6D2.tmp
12/20/2007 03:57 PM 8,033 pos6D3.tmp
12/20/2007 03:57 PM 10,033 pos6D4.tmp
12/20/2007 03:57 PM 10,033 pos6D5.tmp
12/20/2007 03:57 PM 7,033 pos6D6.tmp
12/20/2007 03:57 PM 13,033 pos6D7.tmp
12/20/2007 03:57 PM 11,033 pos6D8.tmp
12/20/2007 03:57 PM 8,033 pos6D9.tmp
12/20/2007 03:57 PM 6,033 pos6DA.tmp
12/20/2007 03:57 PM 8,033 pos6DB.tmp
12/20/2007 03:57 PM 9,033 pos6DC.tmp
12/20/2007 03:57 PM 7,033 pos6DD.tmp
12/20/2007 03:57 PM 14,033 pos6DE.tmp
12/20/2007 03:57 PM 8,033 pos6DF.tmp
12/19/2007 08:13 PM 8,033 pos6E.tmp
12/20/2007 03:57 PM 14,033 pos6E0.tmp
12/20/2007 03:57 PM 7,033 pos6E1.tmp
12/20/2007 03:57 PM 11,033 pos6E2.tmp
12/20/2007 03:57 PM 6,033 pos6E3.tmp
12/20/2007 03:57 PM 13,033 pos6E4.tmp
12/20/2007 03:57 PM 7,033 pos6E5.tmp
12/20/2007 03:57 PM 7,033 pos6E6.tmp
12/20/2007 03:57 PM 11,033 pos6E7.tmp
12/20/2007 03:57 PM 9,033 pos6E8.tmp
12/20/2007 03:57 PM 10,033 pos6E9.tmp
12/20/2007 03:57 PM 7,033 pos6EA.tmp
12/20/2007 03:57 PM 5,033 pos6EB.tmp
12/20/2007 03:57 PM 8,033 pos6EC.tmp
12/20/2007 03:57 PM 9,033 pos6ED.tmp
12/20/2007 03:57 PM 5,033 pos6EE.tmp
12/20/2007 03:57 PM 9,033 pos6EF.tmp
12/19/2007 08:13 PM 13,033 pos6F.tmp
12/20/2007 03:57 PM 10,033 pos6F0.tmp
12/20/2007 03:57 PM 5,033 pos6F1.tmp
12/20/2007 03:57 PM 9,033 pos6F2.tmp
12/20/2007 03:57 PM 10,033 pos6F3.tmp
12/20/2007 03:57 PM 13,033 pos6F4.tmp
12/20/2007 03:57 PM 6,033 pos6F5.tmp
12/20/2007 03:57 PM 6,033 pos6F6.tmp
12/20/2007 03:57 PM 8,033 pos6F7.tmp
12/20/2007 03:57 PM 13,033 pos6F8.tmp
12/20/2007 03:57 PM 12,033 pos6F9.tmp
12/20/2007 03:57 PM 5,033 pos6FA.tmp
12/20/2007 03:57 PM 9,033 pos6FB.tmp
12/20/2007 03:57 PM 7,033 pos6FC.tmp
12/20/2007 03:57 PM 6,033 pos6FD.tmp
12/20/2007 03:57 PM 7,033 pos6FE.tmp
12/20/2007 03:57 PM 10,033 pos6FF.tmp
12/19/2007 09:01 PM 8,033 pos7.tmp
12/19/2007 08:13 PM 6,033 pos70.tmp
12/20/2007 03:57 PM 12,033 pos700.tmp
12/20/2007 03:57 PM 7,033 pos701.tmp
12/20/2007 03:57 PM 5,033 pos702.tmp
12/20/2007 03:57 PM 14,033 pos703.tmp
12/20/2007 03:57 PM 13,033 pos704.tmp
12/20/2007 03:57 PM 5,033 pos705.tmp
12/20/2007 03:57 PM 11,033 pos706.tmp
12/20/2007 03:57 PM 5,033 pos707.tmp
12/20/2007 03:57 PM 12,033 pos708.tmp
12/20/2007 03:57 PM 11,033 pos709.tmp
12/20/2007 03:57 PM 14,033 pos70A.tmp
12/20/2007 03:57 PM 10,033 pos70B.tmp
12/20/2007 03:57 PM 6,033 pos70C.tmp
12/20/2007 03:57 PM 11,033 pos70D.tmp
12/20/2007 03:57 PM 5,033 pos70E.tmp
12/20/2007 03:57 PM 10,033 pos70F.tmp
12/19/2007 08:13 PM 8,033 pos71.tmp
12/20/2007 03:57 PM 12,033 pos710.tmp
12/20/2007 03:57 PM 7,033 pos711.tmp
12/20/2007 03:57 PM 10,033 pos712.tmp
12/20/2007 03:57 PM 8,033 pos713.tmp
12/20/2007 03:57 PM 5,033 pos714.tmp
12/20/2007 03:57 PM 13,033 pos715.tmp
12/20/2007 03:57 PM 8,033 pos716.tmp
12/20/2007 03:57 PM 12,033 pos717.tmp
12/20/2007 03:57 PM 9,033 pos718.tmp
12/20/2007 03:57 PM 14,033 pos719.tmp
12/20/2007 03:57 PM 10,033 pos71A.tmp
12/20/2007 03:57 PM 6,033 pos71B.tmp
12/20/2007 03:57 PM 11,033 pos71C.tmp
12/20/2007 03:57 PM 10,033 pos71D.tmp
12/20/2007 03:57 PM 14,033 pos71E.tmp
12/20/2007 03:57 PM 14,033 pos71F.tmp
12/19/2007 08:13 PM 9,033 pos72.tmp
12/20/2007 03:57 PM 10,033 pos720.tmp
12/20/2007 03:57 PM 6,033 pos721.tmp
12/20/2007 03:57 PM 11,033 pos722.tmp
12/20/2007 03:57 PM 7,033 pos723.tmp
12/20/2007 03:57 PM 5,033 pos724.tmp
12/20/2007 03:57 PM 14,033 pos725.tmp
12/20/2007 03:57 PM 10,033 pos726.tmp
12/20/2007 03:57 PM 5,033 pos727.tmp
12/20/2007 03:57 PM 12,033 pos728.tmp
12/20/2007 03:57 PM 6,033 pos729.tmp
12/20/2007 03:57 PM 8,033 pos72A.tmp
12/20/2007 03:57 PM 7,033 pos72B.tmp
12/20/2007 03:57 PM 9,033 pos72C.tmp
12/20/2007 03:57 PM 6,033 pos72D.tmp
12/20/2007 03:57 PM 7,033 pos72E.tmp
12/20/2007 03:57 PM 12,033 pos72F.tmp
12/19/2007 08:13 PM 13,033 pos73.tmp
12/20/2007 03:57 PM 5,033 pos730.tmp
12/20/2007 03:57 PM 6,033 pos731.tmp
12/20/2007 03:57 PM 5,033 pos732.tmp
12/20/2007 03:57 PM 14,033 pos733.tmp
12/20/2007 03:57 PM 6,033 pos734.tmp
12/20/2007 03:57 PM 12,033 pos735.tmp
12/20/2007 03:57 PM 5,033 pos736.tmp
12/20/2007 03:57 PM 11,033 pos737.tmp
12/20/2007 03:57 PM 9,033 pos738.tmp
12/20/2007 03:57 PM 6,033 pos739.tmp
12/20/2007 03:57 PM 8,033 pos73A.tmp
12/20/2007 03:57 PM 13,033 pos73B.tmp
12/20/2007 03:57 PM 11,033 pos73C.tmp
12/20/2007 03:57 PM 12,033 pos73D.tmp
12/20/2007 03:57 PM 9,033 pos73E.tmp
12/20/2007 03:57 PM 13,033 pos73F.tmp
12/19/2007 08:13 PM 8,033 pos74.tmp
12/20/2007 03:57 PM 12,033 pos740.tmp
12/20/2007 03:57 PM 5,033 pos741.tmp
12/20/2007 03:57 PM 6,033 pos742.tmp
12/20/2007 03:57 PM 6,033 pos743.tmp
12/20/2007 03:57 PM 7,033 pos744.tmp
12/20/2007 03:57 PM 14,033 pos745.tmp
12/20/2007 03:57 PM 11,033 pos746.tmp
12/20/2007 03:57 PM 6,033 pos747.tmp
12/20/2007 03:57 PM 8,033 pos748.tmp
12/20/2007 03:57 PM 8,033 pos749.tmp
12/20/2007 03:57 PM 8,033 pos74A.tmp
12/20/2007 03:57 PM 14,033 pos74B.tmp
12/20/2007 03:57 PM 9,033 pos74C.tmp
12/20/2007 03:57 PM 8,033 pos74D.tmp
12/20/2007 03:57 PM 12,033 pos74E.tmp
12/20/2007 03:57 PM 14,033 pos74F.tmp
12/19/2007 08:13 PM 7,033 pos75.tmp
12/20/2007 03:57 PM 14,033 pos750.tmp
12/20/2007 03:57 PM 9,033 pos751.tmp
12/20/2007 03:57 PM 13,033 pos752.tmp
12/20/2007 03:57 PM 10,033 pos753.tmp
12/20/2007 03:57 PM 12,033 pos754.tmp
12/20/2007 03:57 PM 14,033 pos755.tmp
12/20/2007 03:57 PM 13,033 pos756.tmp
12/20/2007 03:57 PM 10,033 pos757.tmp
12/20/2007 03:57 PM 9,033 pos758.tmp
12/20/2007 03:57 PM 8,033 pos759.tmp
12/20/2007 03:57 PM 11,033 pos75A.tmp
12/20/2007 03:57 PM 13,033 pos75B.tmp
12/20/2007 03:57 PM 13,033 pos75C.tmp
12/20/2007 03:57 PM 11,033 pos75D.tmp
12/20/2007 03:57 PM 7,033 pos75E.tmp
12/20/2007 03:57 PM 13,033 pos75F.tmp
12/19/2007 08:13 PM 14,033 pos76.tmp
12/20/2007 03:57 PM 7,033 pos760.tmp
12/20/2007 03:57 PM 10,033 pos761.tmp
12/20/2007 03:57 PM 5,033 pos762.tmp
12/20/2007 03:57 PM 8,033 pos763.tmp
12/20/2007 03:57 PM 7,033 pos764.tmp
12/20/2007 03:57 PM 6,033 pos765.tmp
12/20/2007 03:57 PM 5,033 pos766.tmp
12/20/2007 03:57 PM 14,033 pos767.tmp
12/20/2007 03:57 PM 11,033 pos768.tmp
12/20/2007 03:57 PM 7,033 pos769.tmp
12/20/2007 03:57 PM 12,033 pos76A.tmp
12/20/2007 03:57 PM 12,033 pos76B.tmp
12/20/2007 03:57 PM 10,033 pos76C.tmp
12/20/2007 03:57 PM 10,033 pos76D.tmp
12/20/2007 03:57 PM 11,033 pos76E.tmp
12/20/2007 03:57 PM 6,033 pos76F.tmp
12/19/2007 08:13 PM 5,033 pos77.tmp
12/20/2007 03:57 PM 9,033 pos770.tmp
12/20/2007 03:57 PM 11,033 pos771.tmp
12/20/2007 03:57 PM 12,033 pos772.tmp
12/20/2007 03:57 PM 11,033 pos773.tmp
12/20/2007 03:57 PM 13,033 pos774.tmp
12/20/2007 03:57 PM 11,033 pos775.tmp
12/20/2007 03:57 PM 13,033 pos776.tmp
12/20/2007 03:57 PM 9,033 pos777.tmp
12/20/2007 03:57 PM 13,033 pos778.tmp
12/20/2007 03:57 PM 7,033 pos779.tmp
12/20/2007 03:57 PM 8,033 pos77A.tmp
12/20/2007 03:57 PM 5,033 pos77B.tmp
12/20/2007 03:57 PM 7,033 pos77C.tmp
12/20/2007 03:57 PM 9,033 pos77D.tmp
12/20/2007 03:57 PM 14,033 pos77E.tmp
12/20/2007 03:57 PM 10,033 pos77F.tmp
12/19/2007 08:13 PM 8,033 pos78.tmp
12/20/2007 03:57 PM 5,033 pos780.tmp
12/20/2007 03:57 PM 14,033 pos781.tmp
12/20/2007 03:57 PM 13,033 pos782.tmp
12/20/2007 03:57 PM 8,033 pos783.tmp
12/20/2007 03:57 PM 10,033 pos784.tmp
12/20/2007 03:57 PM 6,033 pos785.tmp
12/20/2007 03:57 PM 8,033 pos786.tmp
12/20/2007 03:57 PM 13,033 pos787.tmp
12/20/2007 03:57 PM 11,033 pos788.tmp
12/20/2007 03:57 PM 7,033 pos789.tmp
12/20/2007 03:57 PM 14,033 pos78A.tmp
12/20/2007 03:57 PM 10,033 pos78B.tmp
12/20/2007 03:57 PM 8,033 pos78C.tmp
12/20/2007 03:57 PM 14,033 pos78D.tmp
12/20/2007 03:57 PM 9,033 pos78E.tmp
12/20/2007 03:57 PM 8,033 pos78F.tmp
12/19/2007 08:13 PM 7,033 pos79.tmp
12/20/2007 03:57 PM 10,033 pos790.tmp
12/20/2007 03:57 PM 12,033 pos791.tmp
12/20/2007 03:57 PM 9,033 pos792.tmp
12/20/2007 03:57 PM 12,033 pos793.tmp
12/20/2007 03:57 PM 12,033 pos794.tmp
12/20/2007 03:57 PM 5,033 pos795.tmp
12/20/2007 03:57 PM 12,033 pos796.tmp
12/20/2007 03:57 PM 11,033 pos797.tmp
12/20/2007 03:57 PM 9,033 pos798.tmp
12/20/2007 03:57 PM 12,033 pos799.tmp
12/20/2007 03:57 PM 11,033 pos79A.tmp
12/20/2007 03:57 PM 7,033 pos79B.tmp
12/20/2007 03:57 PM 12,033 pos79C.tmp
12/20/2007 03:57 PM 6,033 pos79D.tmp
12/20/2007 03:57 PM 5,033 pos79E.tmp
12/20/2007 03:57 PM 13,033 pos79F.tmp
12/19/2007 08:13 PM 14,033 pos7A.tmp
12/20/2007 03:57 PM 11,033 pos7A0.tmp
12/20/2007 03:57 PM 5,033 pos7A1.tmp
12/20/2007 03:57 PM 9,033 pos7A2.tmp
12/20/2007 03:57 PM 12,033 pos7A3.tmp
12/20/2007 03:57 PM 10,033 pos7A5.tmp
12/20/2007 03:57 PM 12,033 pos7A6.tmp
12/20/2007 03:57 PM 6,033 pos7A7.tmp
12/20/2007 03:57 PM 9,033 pos7A8.tmp
12/20/2007 03:57 PM 7,033 pos7A9.tmp
12/20/2007 03:57 PM 5,033 pos7AA.tmp
12/20/2007 03:57 PM 5,033 pos7AB.tmp
12/20/2007 03:57 PM 10,033 pos7AC.tmp
12/20/2007 03:57 PM 12,033 pos7AD.tmp
12/20/2007 03:57 PM 13,033 pos7AE.tmp
12/20/2007 03:57 PM 8,033 pos7AF.tmp
12/19/2007 08:13 PM 8,033 pos7B.tmp

Wizit
2007-12-28, 02:29
12/20/2007 03:57 PM 11,033 pos7B0.tmp
12/20/2007 03:57 PM 8,033 pos7B1.tmp
12/20/2007 03:57 PM 5,033 pos7B2.tmp
12/20/2007 03:57 PM 5,033 pos7B3.tmp
12/20/2007 03:57 PM 9,033 pos7B4.tmp
12/20/2007 03:57 PM 10,033 pos7B5.tmp
12/20/2007 03:57 PM 9,033 pos7B6.tmp
12/20/2007 03:57 PM 11,033 pos7B7.tmp
12/20/2007 03:57 PM 5,033 pos7B8.tmp
12/20/2007 03:57 PM 9,033 pos7B9.tmp
12/20/2007 03:57 PM 11,033 pos7BA.tmp
12/20/2007 03:57 PM 8,033 pos7BB.tmp
12/20/2007 03:57 PM 5,033 pos7BC.tmp
12/20/2007 03:57 PM 11,033 pos7BD.tmp
12/20/2007 03:57 PM 12,033 pos7BE.tmp
12/20/2007 03:57 PM 9,033 pos7BF.tmp
12/19/2007 08:13 PM 5,033 pos7C.tmp
12/20/2007 03:57 PM 11,033 pos7C0.tmp
12/20/2007 03:57 PM 5,033 pos7C1.tmp
12/20/2007 03:57 PM 8,033 pos7C2.tmp
12/20/2007 03:57 PM 11,033 pos7C3.tmp
12/20/2007 03:57 PM 12,033 pos7C4.tmp
12/20/2007 03:58 PM 5,033 pos7C5.tmp
12/20/2007 03:58 PM 9,033 pos7C6.tmp
12/20/2007 03:58 PM 10,033 pos7C7.tmp
12/20/2007 03:58 PM 13,033 pos7C8.tmp
12/20/2007 03:58 PM 13,033 pos7C9.tmp
12/20/2007 03:58 PM 6,033 pos7CA.tmp
12/20/2007 03:58 PM 12,033 pos7CB.tmp
12/20/2007 03:58 PM 6,033 pos7CC.tmp
12/20/2007 03:58 PM 9,033 pos7CD.tmp
12/20/2007 03:58 PM 11,033 pos7CE.tmp
12/20/2007 03:58 PM 13,033 pos7CF.tmp
12/19/2007 08:13 PM 11,033 pos7D.tmp
12/20/2007 03:58 PM 12,033 pos7D0.tmp
12/20/2007 03:58 PM 10,033 pos7D1.tmp
12/20/2007 03:58 PM 5,033 pos7D2.tmp
12/20/2007 03:58 PM 13,033 pos7D3.tmp
12/20/2007 03:58 PM 7,033 pos7D4.tmp
12/20/2007 03:58 PM 5,033 pos7D5.tmp
12/20/2007 03:58 PM 6,033 pos7D6.tmp
12/20/2007 03:58 PM 7,033 pos7D7.tmp
12/20/2007 03:58 PM 6,033 pos7D8.tmp
12/20/2007 03:58 PM 12,033 pos7D9.tmp
12/20/2007 03:58 PM 6,033 pos7DA.tmp
12/20/2007 03:58 PM 9,033 pos7DB.tmp
12/20/2007 03:58 PM 12,033 pos7DC.tmp
12/20/2007 03:58 PM 10,033 pos7DD.tmp
12/20/2007 03:58 PM 6,033 pos7DE.tmp
12/20/2007 03:58 PM 10,033 pos7DF.tmp
12/19/2007 08:13 PM 9,033 pos7E.tmp
12/20/2007 03:58 PM 5,033 pos7E0.tmp
12/20/2007 03:58 PM 11,033 pos7E1.tmp
12/20/2007 03:58 PM 12,033 pos7E2.tmp
12/20/2007 03:58 PM 13,033 pos7E3.tmp
12/20/2007 03:58 PM 8,033 pos7E4.tmp
12/20/2007 03:58 PM 9,033 pos7E5.tmp
12/20/2007 03:58 PM 5,033 pos7E6.tmp
12/20/2007 03:58 PM 14,033 pos7E7.tmp
12/20/2007 03:58 PM 7,033 pos7E8.tmp
12/20/2007 03:58 PM 7,033 pos7E9.tmp
12/20/2007 03:58 PM 9,033 pos7EA.tmp
12/20/2007 03:58 PM 11,033 pos7EB.tmp
12/20/2007 03:58 PM 5,033 pos7EC.tmp
12/20/2007 03:58 PM 5,033 pos7ED.tmp
12/20/2007 03:58 PM 6,033 pos7EE.tmp
12/20/2007 03:58 PM 9,033 pos7EF.tmp
12/19/2007 08:13 PM 12,033 pos7F.tmp
12/20/2007 03:58 PM 11,033 pos7F0.tmp
12/20/2007 03:58 PM 10,033 pos7F1.tmp
12/20/2007 03:58 PM 14,033 pos7F2.tmp
12/20/2007 03:58 PM 11,033 pos7F3.tmp
12/20/2007 03:58 PM 7,033 pos7F4.tmp
12/20/2007 03:58 PM 7,033 pos7F5.tmp
12/20/2007 03:58 PM 14,033 pos7F6.tmp
12/20/2007 03:58 PM 8,033 pos7F7.tmp
12/20/2007 03:58 PM 6,033 pos7F8.tmp
12/20/2007 03:58 PM 5,033 pos7F9.tmp
12/20/2007 03:58 PM 13,033 pos7FA.tmp
12/20/2007 03:58 PM 12,033 pos7FB.tmp
12/20/2007 03:58 PM 6,033 pos7FC.tmp
12/20/2007 03:58 PM 11,033 pos7FD.tmp
12/20/2007 03:58 PM 10,033 pos7FE.tmp
12/20/2007 03:58 PM 7,033 pos7FF.tmp
12/19/2007 09:01 PM 11,033 pos8.tmp
12/19/2007 08:13 PM 12,033 pos80.tmp
12/20/2007 03:58 PM 5,033 pos800.tmp
12/20/2007 03:58 PM 7,033 pos801.tmp
12/20/2007 03:58 PM 8,033 pos802.tmp
12/20/2007 03:58 PM 7,033 pos803.tmp
12/20/2007 03:58 PM 5,033 pos804.tmp
12/20/2007 03:58 PM 12,033 pos805.tmp
12/20/2007 03:58 PM 7,033 pos806.tmp
12/20/2007 03:58 PM 8,033 pos807.tmp
12/20/2007 03:58 PM 10,033 pos808.tmp
12/20/2007 03:58 PM 5,033 pos809.tmp
12/20/2007 03:58 PM 12,033 pos80A.tmp
12/20/2007 03:58 PM 6,033 pos80B.tmp
12/20/2007 03:58 PM 10,033 pos80C.tmp
12/20/2007 03:58 PM 13,033 pos80D.tmp
12/20/2007 03:58 PM 10,033 pos80E.tmp
12/20/2007 03:58 PM 14,033 pos80F.tmp
12/19/2007 08:13 PM 13,033 pos81.tmp
12/20/2007 03:58 PM 6,033 pos810.tmp
12/21/2007 04:00 PM 13,033 pos812.tmp
12/21/2007 07:38 PM 6,033 pos813.tmp
12/21/2007 04:00 PM 14,033 pos814.tmp
12/21/2007 04:00 PM 7,033 pos815.tmp
12/21/2007 04:00 PM 14,033 pos816.tmp
12/21/2007 04:00 PM 8,033 pos817.tmp
12/21/2007 04:00 PM 4,033 pos818.tmp
12/21/2007 04:00 PM 4,033 pos819.tmp
12/21/2007 04:00 PM 8,033 pos81A.tmp
12/21/2007 04:00 PM 8,033 pos81B.tmp
12/21/2007 04:00 PM 14,033 pos81C.tmp
12/21/2007 04:00 PM 14,033 pos81D.tmp
12/21/2007 04:00 PM 4,033 pos81E.tmp
12/21/2007 04:00 PM 13,033 pos81F.tmp
12/19/2007 08:13 PM 9,033 pos82.tmp
12/21/2007 04:00 PM 12,033 pos820.tmp
12/21/2007 04:00 PM 4,033 pos821.tmp
12/21/2007 04:00 PM 8,033 pos822.tmp
12/21/2007 04:00 PM 4,033 pos823.tmp
12/21/2007 04:00 PM 7,033 pos824.tmp
12/21/2007 04:00 PM 14,033 pos825.tmp
12/21/2007 04:00 PM 11,033 pos826.tmp
12/21/2007 04:00 PM 10,033 pos827.tmp
12/21/2007 04:00 PM 14,033 pos828.tmp
12/21/2007 04:00 PM 10,033 pos829.tmp
12/21/2007 04:00 PM 8,033 pos82A.tmp
12/21/2007 04:00 PM 10,033 pos82B.tmp
12/21/2007 04:00 PM 11,033 pos82C.tmp
12/21/2007 04:00 PM 5,033 pos82D.tmp
12/21/2007 04:00 PM 6,033 pos82E.tmp
12/21/2007 04:00 PM 4,033 pos82F.tmp
12/19/2007 08:13 PM 6,033 pos83.tmp
12/21/2007 04:00 PM 4,033 pos830.tmp
12/21/2007 04:00 PM 9,033 pos831.tmp
12/21/2007 04:00 PM 8,033 pos832.tmp
12/21/2007 04:00 PM 13,033 pos833.tmp
12/21/2007 04:00 PM 9,033 pos834.tmp
12/21/2007 04:00 PM 6,033 pos835.tmp
12/21/2007 04:00 PM 14,033 pos836.tmp
12/21/2007 04:00 PM 7,033 pos837.tmp
12/21/2007 04:00 PM 7,033 pos838.tmp
12/21/2007 04:00 PM 12,033 pos839.tmp
12/21/2007 04:00 PM 9,033 pos83A.tmp
12/21/2007 04:00 PM 9,033 pos83B.tmp
12/21/2007 04:00 PM 13,033 pos83C.tmp
12/21/2007 04:00 PM 5,033 pos83D.tmp
12/21/2007 04:00 PM 14,033 pos83E.tmp
12/21/2007 04:00 PM 8,033 pos83F.tmp
12/19/2007 08:13 PM 13,033 pos84.tmp
12/21/2007 04:00 PM 10,033 pos840.tmp
12/21/2007 04:00 PM 12,033 pos841.tmp
12/21/2007 04:00 PM 13,033 pos842.tmp
12/21/2007 04:00 PM 7,033 pos843.tmp
12/21/2007 04:00 PM 12,033 pos845.tmp
12/21/2007 04:00 PM 5,033 pos846.tmp
12/21/2007 04:00 PM 13,033 pos847.tmp
12/21/2007 04:01 PM 6,033 pos848.tmp
12/21/2007 04:01 PM 9,033 pos849.tmp
12/21/2007 04:01 PM 5,033 pos84A.tmp
12/21/2007 04:01 PM 13,033 pos84B.tmp
12/21/2007 04:01 PM 10,033 pos84C.tmp
12/21/2007 04:01 PM 13,033 pos84D.tmp
12/21/2007 04:01 PM 12,033 pos84E.tmp
12/21/2007 04:01 PM 9,033 pos84F.tmp
12/19/2007 08:13 PM 13,033 pos85.tmp
12/21/2007 04:01 PM 14,033 pos850.tmp
12/21/2007 04:01 PM 12,033 pos851.tmp
12/21/2007 04:01 PM 14,033 pos852.tmp
12/21/2007 04:01 PM 10,033 pos853.tmp
12/21/2007 04:01 PM 7,033 pos854.tmp
12/21/2007 04:01 PM 14,033 pos855.tmp
12/21/2007 04:01 PM 5,033 pos856.tmp
12/21/2007 04:01 PM 8,033 pos857.tmp
12/21/2007 04:01 PM 12,033 pos858.tmp
12/21/2007 04:01 PM 5,033 pos859.tmp
12/21/2007 04:01 PM 5,033 pos85A.tmp
12/21/2007 04:01 PM 7,033 pos85B.tmp
12/21/2007 04:01 PM 13,033 pos85C.tmp
12/21/2007 04:01 PM 13,033 pos85D.tmp
12/21/2007 04:01 PM 9,033 pos85E.tmp
12/21/2007 04:01 PM 7,033 pos85F.tmp
12/19/2007 08:13 PM 9,033 pos86.tmp
12/21/2007 04:01 PM 8,033 pos860.tmp
12/21/2007 04:01 PM 13,033 pos861.tmp
12/21/2007 04:01 PM 7,033 pos862.tmp
12/21/2007 04:01 PM 13,033 pos863.tmp
12/21/2007 04:01 PM 7,033 pos864.tmp
12/21/2007 04:01 PM 11,033 pos865.tmp
12/21/2007 04:01 PM 5,033 pos866.tmp
12/21/2007 04:01 PM 13,033 pos867.tmp
12/21/2007 04:01 PM 8,033 pos868.tmp
12/21/2007 04:01 PM 8,033 pos869.tmp
12/21/2007 04:01 PM 10,033 pos86A.tmp
12/21/2007 04:01 PM 9,033 pos86B.tmp
12/21/2007 04:01 PM 8,033 pos86C.tmp
12/21/2007 04:01 PM 7,033 pos86D.tmp
12/21/2007 04:01 PM 9,033 pos86E.tmp
12/21/2007 04:01 PM 11,033 pos86F.tmp
12/19/2007 08:13 PM 12,033 pos87.tmp
12/21/2007 04:01 PM 6,033 pos870.tmp
12/21/2007 04:01 PM 8,033 pos871.tmp
12/21/2007 04:01 PM 5,033 pos872.tmp
12/21/2007 04:01 PM 8,033 pos873.tmp
12/21/2007 04:01 PM 14,033 pos874.tmp
12/21/2007 04:01 PM 14,033 pos875.tmp
12/21/2007 04:01 PM 6,033 pos876.tmp
12/21/2007 04:01 PM 9,033 pos877.tmp
12/21/2007 04:01 PM 7,033 pos878.tmp
12/21/2007 04:01 PM 12,033 pos879.tmp
12/21/2007 04:01 PM 5,033 pos87A.tmp
12/21/2007 04:01 PM 10,033 pos87B.tmp
12/21/2007 04:01 PM 6,033 pos87C.tmp
12/21/2007 04:01 PM 14,033 pos87D.tmp
12/21/2007 04:01 PM 13,033 pos87E.tmp
12/21/2007 04:01 PM 9,033 pos87F.tmp
12/19/2007 08:13 PM 6,033 pos88.tmp
12/21/2007 04:01 PM 6,033 pos880.tmp
12/21/2007 04:01 PM 13,033 pos881.tmp
12/21/2007 04:01 PM 10,033 pos882.tmp
12/21/2007 04:01 PM 9,033 pos883.tmp
12/21/2007 04:01 PM 11,033 pos884.tmp
12/21/2007 04:01 PM 7,033 pos885.tmp
12/21/2007 04:01 PM 7,033 pos886.tmp
12/21/2007 04:01 PM 8,033 pos887.tmp
12/21/2007 04:01 PM 13,033 pos888.tmp
12/21/2007 04:01 PM 11,033 pos889.tmp
12/21/2007 04:01 PM 10,033 pos88A.tmp
12/21/2007 04:01 PM 5,033 pos88B.tmp
12/21/2007 04:01 PM 6,033 pos88C.tmp
12/21/2007 04:01 PM 13,033 pos88D.tmp
12/21/2007 04:01 PM 14,033 pos88E.tmp
12/21/2007 04:01 PM 5,033 pos88F.tmp
12/19/2007 08:13 PM 6,033 pos89.tmp
12/21/2007 04:01 PM 12,033 pos890.tmp
12/21/2007 04:01 PM 13,033 pos891.tmp
12/21/2007 04:01 PM 12,033 pos892.tmp
12/21/2007 04:01 PM 14,033 pos893.tmp
12/21/2007 04:01 PM 12,033 pos894.tmp
12/21/2007 04:01 PM 14,033 pos895.tmp
12/21/2007 04:01 PM 8,033 pos896.tmp
12/21/2007 04:01 PM 13,033 pos897.tmp
12/21/2007 04:01 PM 12,033 pos898.tmp
12/21/2007 04:01 PM 10,033 pos899.tmp
12/21/2007 04:01 PM 6,033 pos89A.tmp
12/21/2007 04:01 PM 11,033 pos89B.tmp
12/21/2007 04:01 PM 10,033 pos89C.tmp
12/21/2007 04:01 PM 6,033 pos89D.tmp
12/21/2007 04:01 PM 14,033 pos89E.tmp
12/21/2007 04:01 PM 14,033 pos89F.tmp

Wizit
2007-12-28, 02:30
12/19/2007 08:13 PM 14,033 pos8A.tmp
12/21/2007 04:01 PM 10,033 pos8A0.tmp
12/21/2007 04:01 PM 8,033 pos8A1.tmp
12/21/2007 04:01 PM 8,033 pos8A2.tmp
12/21/2007 04:01 PM 9,033 pos8A3.tmp
12/21/2007 04:01 PM 7,033 pos8A4.tmp
12/21/2007 04:01 PM 14,033 pos8A5.tmp
12/21/2007 04:01 PM 6,033 pos8A6.tmp
12/21/2007 04:01 PM 5,033 pos8A7.tmp
12/21/2007 04:01 PM 11,033 pos8A8.tmp
12/21/2007 04:01 PM 11,033 pos8A9.tmp
12/21/2007 04:01 PM 5,033 pos8AA.tmp
12/21/2007 04:01 PM 11,033 pos8AB.tmp
12/21/2007 04:01 PM 14,033 pos8AC.tmp
12/21/2007 04:01 PM 11,033 pos8AD.tmp
12/21/2007 04:01 PM 6,033 pos8AE.tmp
12/21/2007 04:01 PM 5,033 pos8AF.tmp
12/19/2007 08:13 PM 11,033 pos8B.tmp
12/21/2007 04:01 PM 8,033 pos8B0.tmp
12/21/2007 04:01 PM 9,033 pos8B1.tmp
12/21/2007 04:01 PM 10,033 pos8B2.tmp
12/21/2007 04:01 PM 11,033 pos8B3.tmp
12/21/2007 04:01 PM 13,033 pos8B4.tmp
12/21/2007 04:01 PM 10,033 pos8B5.tmp
12/21/2007 04:01 PM 6,033 pos8B6.tmp
12/21/2007 04:01 PM 12,033 pos8B7.tmp
12/21/2007 04:01 PM 9,033 pos8B8.tmp
12/21/2007 04:01 PM 5,033 pos8B9.tmp
12/21/2007 04:01 PM 14,033 pos8BA.tmp
12/21/2007 04:01 PM 6,033 pos8BB.tmp
12/21/2007 04:01 PM 11,033 pos8BC.tmp
12/21/2007 04:01 PM 5,033 pos8BD.tmp
12/21/2007 04:01 PM 11,033 pos8BE.tmp
12/21/2007 04:01 PM 10,033 pos8BF.tmp
12/19/2007 08:13 PM 5,033 pos8C.tmp
12/21/2007 04:01 PM 4,033 pos8C0.tmp
12/21/2007 04:01 PM 8,033 pos8C1.tmp
12/21/2007 04:01 PM 8,033 pos8C2.tmp
12/21/2007 04:01 PM 8,033 pos8C3.tmp
12/21/2007 04:01 PM 4,033 pos8C4.tmp
12/21/2007 04:01 PM 8,033 pos8C5.tmp
12/21/2007 04:01 PM 8,033 pos8C6.tmp
12/21/2007 04:01 PM 5,033 pos8C7.tmp
12/21/2007 04:01 PM 7,033 pos8C8.tmp
12/21/2007 04:01 PM 14,033 pos8C9.tmp
12/21/2007 04:01 PM 6,033 pos8CA.tmp
12/21/2007 04:01 PM 11,033 pos8CB.tmp
12/21/2007 04:01 PM 13,033 pos8CC.tmp
12/21/2007 04:01 PM 6,033 pos8CD.tmp
12/21/2007 04:01 PM 8,033 pos8CE.tmp
12/21/2007 04:01 PM 8,033 pos8CF.tmp
12/19/2007 08:13 PM 9,033 pos8D.tmp
12/21/2007 04:01 PM 6,033 pos8D0.tmp
12/21/2007 04:01 PM 9,033 pos8D1.tmp
12/21/2007 04:01 PM 6,033 pos8D2.tmp
12/21/2007 04:01 PM 14,033 pos8D3.tmp
12/21/2007 04:01 PM 10,033 pos8D4.tmp
12/21/2007 04:01 PM 7,033 pos8D5.tmp
12/21/2007 04:01 PM 14,033 pos8D6.tmp
12/21/2007 04:01 PM 7,033 pos8D7.tmp
12/21/2007 04:01 PM 12,033 pos8D8.tmp
12/21/2007 04:01 PM 9,033 pos8D9.tmp
12/21/2007 04:01 PM 14,033 pos8DA.tmp
12/21/2007 04:01 PM 14,033 pos8DB.tmp
12/21/2007 04:01 PM 10,033 pos8DC.tmp
12/21/2007 04:01 PM 10,033 pos8DD.tmp
12/21/2007 04:01 PM 6,033 pos8DE.tmp
12/21/2007 04:01 PM 14,033 pos8DF.tmp
12/19/2007 08:13 PM 11,033 pos8E.tmp
12/21/2007 04:01 PM 11,033 pos8E0.tmp
12/21/2007 04:01 PM 6,033 pos8E1.tmp
12/21/2007 04:01 PM 8,033 pos8E2.tmp
12/21/2007 04:01 PM 7,033 pos8E3.tmp
12/21/2007 04:01 PM 6,033 pos8E4.tmp
12/21/2007 04:01 PM 12,033 pos8E5.tmp
12/21/2007 04:01 PM 9,033 pos8E6.tmp
12/21/2007 04:01 PM 14,033 pos8E7.tmp
12/21/2007 04:01 PM 13,033 pos8E8.tmp
12/21/2007 04:01 PM 8,033 pos8E9.tmp
12/21/2007 04:01 PM 7,033 pos8EA.tmp
12/21/2007 04:01 PM 6,033 pos8EB.tmp
12/21/2007 04:01 PM 13,033 pos8EC.tmp
12/21/2007 04:01 PM 6,033 pos8ED.tmp
12/21/2007 04:01 PM 9,033 pos8EE.tmp
12/21/2007 04:01 PM 13,033 pos8EF.tmp
12/19/2007 08:13 PM 7,033 pos8F.tmp
12/21/2007 04:01 PM 7,033 pos8F0.tmp
12/21/2007 04:01 PM 13,033 pos8F1.tmp
12/21/2007 04:01 PM 7,033 pos8F2.tmp
12/21/2007 04:01 PM 13,033 pos8F3.tmp
12/21/2007 04:01 PM 11,033 pos8F4.tmp
12/21/2007 04:01 PM 13,033 pos8F5.tmp
12/21/2007 04:01 PM 11,033 pos8F6.tmp
12/21/2007 04:01 PM 9,033 pos8F7.tmp
12/21/2007 04:01 PM 7,033 pos8F8.tmp
12/21/2007 04:01 PM 7,033 pos8F9.tmp
12/21/2007 04:01 PM 13,033 pos8FA.tmp
12/21/2007 04:01 PM 12,033 pos8FB.tmp
12/21/2007 04:01 PM 5,033 pos8FC.tmp
12/21/2007 04:01 PM 6,033 pos8FD.tmp
12/21/2007 04:01 PM 8,033 pos8FE.tmp
12/21/2007 04:01 PM 5,033 pos8FF.tmp
12/19/2007 09:01 PM 9,033 pos9.tmp
12/19/2007 08:13 PM 7,033 pos90.tmp
12/21/2007 04:01 PM 13,033 pos900.tmp
12/21/2007 04:01 PM 12,033 pos901.tmp
12/21/2007 04:01 PM 9,033 pos902.tmp
12/21/2007 04:01 PM 10,033 pos903.tmp
12/21/2007 04:01 PM 14,033 pos904.tmp
12/21/2007 04:01 PM 5,033 pos905.tmp
12/21/2007 04:01 PM 7,033 pos906.tmp
12/21/2007 04:01 PM 7,033 pos907.tmp
12/21/2007 04:01 PM 8,033 pos908.tmp
12/21/2007 04:01 PM 13,033 pos909.tmp
12/21/2007 04:01 PM 5,033 pos90A.tmp
12/21/2007 04:01 PM 13,033 pos90B.tmp
12/21/2007 04:01 PM 12,033 pos90C.tmp
12/21/2007 04:01 PM 11,033 pos90D.tmp
12/21/2007 04:01 PM 13,033 pos90E.tmp
12/21/2007 04:01 PM 10,033 pos90F.tmp
12/19/2007 08:13 PM 7,033 pos91.tmp
12/21/2007 04:01 PM 13,033 pos910.tmp
12/21/2007 04:01 PM 8,033 pos911.tmp
12/21/2007 04:01 PM 6,033 pos912.tmp
12/21/2007 04:01 PM 14,033 pos913.tmp
12/21/2007 04:01 PM 12,033 pos914.tmp
12/21/2007 04:01 PM 11,033 pos915.tmp
12/21/2007 04:01 PM 7,033 pos916.tmp
12/21/2007 04:01 PM 14,033 pos917.tmp
12/21/2007 04:01 PM 8,033 pos918.tmp
12/21/2007 04:01 PM 11,033 pos919.tmp
12/21/2007 04:01 PM 11,033 pos91A.tmp
12/21/2007 04:01 PM 6,033 pos91B.tmp
12/21/2007 04:01 PM 14,033 pos91C.tmp
12/21/2007 04:01 PM 5,033 pos91D.tmp
12/21/2007 04:01 PM 8,033 pos91E.tmp
12/21/2007 04:01 PM 12,033 pos91F.tmp
12/19/2007 08:13 PM 12,033 pos92.tmp
12/21/2007 04:01 PM 14,033 pos920.tmp
12/21/2007 04:01 PM 5,033 pos921.tmp
12/21/2007 04:01 PM 9,033 pos922.tmp
12/21/2007 04:01 PM 10,033 pos923.tmp
12/21/2007 04:01 PM 7,033 pos924.tmp
12/21/2007 04:01 PM 5,033 pos925.tmp
12/21/2007 04:01 PM 8,033 pos926.tmp
12/21/2007 04:01 PM 13,033 pos927.tmp
12/21/2007 04:01 PM 6,033 pos928.tmp
12/21/2007 04:01 PM 13,033 pos929.tmp
12/21/2007 04:01 PM 12,033 pos92A.tmp
12/21/2007 04:01 PM 5,033 pos92B.tmp
12/21/2007 04:01 PM 14,033 pos92C.tmp
12/21/2007 04:01 PM 6,033 pos92D.tmp
12/21/2007 04:01 PM 12,033 pos92E.tmp
12/21/2007 04:01 PM 8,033 pos92F.tmp
12/19/2007 08:13 PM 8,033 pos93.tmp
12/21/2007 04:01 PM 5,033 pos930.tmp
12/21/2007 04:01 PM 8,033 pos931.tmp
12/21/2007 04:01 PM 11,033 pos932.tmp
12/21/2007 04:01 PM 10,033 pos933.tmp
12/21/2007 04:01 PM 11,033 pos934.tmp
12/21/2007 04:01 PM 13,033 pos935.tmp
12/21/2007 04:01 PM 5,033 pos936.tmp
12/21/2007 04:01 PM 7,033 pos937.tmp
12/21/2007 04:01 PM 9,033 pos938.tmp
12/21/2007 04:01 PM 12,033 pos939.tmp
12/21/2007 04:01 PM 12,033 pos93A.tmp
12/21/2007 04:01 PM 5,033 pos93B.tmp
12/21/2007 04:01 PM 13,033 pos93C.tmp
12/21/2007 04:01 PM 5,033 pos93D.tmp
12/21/2007 04:01 PM 13,033 pos93E.tmp
12/21/2007 04:01 PM 13,033 pos93F.tmp
12/19/2007 08:13 PM 6,033 pos94.tmp
12/21/2007 04:01 PM 12,033 pos940.tmp
12/21/2007 04:01 PM 9,033 pos941.tmp
12/21/2007 04:01 PM 5,033 pos942.tmp
12/21/2007 04:01 PM 12,033 pos943.tmp
12/21/2007 04:01 PM 9,033 pos944.tmp
12/21/2007 04:01 PM 14,033 pos945.tmp
12/21/2007 04:01 PM 9,033 pos946.tmp
12/21/2007 04:01 PM 10,033 pos947.tmp
12/21/2007 04:01 PM 8,033 pos948.tmp
12/21/2007 04:01 PM 9,033 pos949.tmp
12/21/2007 04:01 PM 13,033 pos94A.tmp
12/21/2007 04:01 PM 5,033 pos94C.tmp
12/21/2007 04:01 PM 12,033 pos94D.tmp
12/21/2007 04:01 PM 9,033 pos94E.tmp
12/21/2007 04:01 PM 11,033 pos94F.tmp
12/19/2007 08:13 PM 6,033 pos95.tmp
12/21/2007 04:01 PM 6,033 pos950.tmp
12/21/2007 04:01 PM 5,033 pos951.tmp
12/21/2007 04:01 PM 9,033 pos952.tmp
12/21/2007 04:01 PM 12,033 pos953.tmp
12/21/2007 04:01 PM 6,033 pos954.tmp
12/21/2007 04:01 PM 5,033 pos955.tmp
12/21/2007 04:01 PM 11,033 pos956.tmp
12/21/2007 04:01 PM 5,033 pos957.tmp
12/21/2007 04:01 PM 5,033 pos958.tmp
12/21/2007 04:01 PM 10,033 pos959.tmp
12/21/2007 04:01 PM 11,033 pos95A.tmp
12/21/2007 04:01 PM 13,033 pos95B.tmp
12/21/2007 04:01 PM 6,033 pos95C.tmp
12/21/2007 04:01 PM 12,033 pos95D.tmp
12/21/2007 04:01 PM 10,033 pos95E.tmp
12/21/2007 04:01 PM 6,033 pos95F.tmp
12/19/2007 08:13 PM 10,033 pos96.tmp
12/21/2007 04:01 PM 9,033 pos960.tmp
12/21/2007 04:01 PM 5,033 pos961.tmp
12/21/2007 04:01 PM 10,033 pos962.tmp
12/21/2007 04:02 PM 12,033 pos963.tmp
12/21/2007 04:02 PM 10,033 pos964.tmp
12/21/2007 04:02 PM 11,033 pos965.tmp
12/21/2007 04:02 PM 10,033 pos966.tmp
12/21/2007 04:02 PM 5,033 pos967.tmp
12/21/2007 04:02 PM 14,033 pos968.tmp
12/21/2007 04:02 PM 10,033 pos969.tmp
12/21/2007 04:02 PM 9,033 pos96A.tmp
12/21/2007 04:02 PM 13,033 pos96B.tmp
12/21/2007 04:02 PM 5,033 pos96C.tmp
12/21/2007 04:02 PM 7,033 pos96D.tmp
12/21/2007 04:02 PM 8,033 pos96E.tmp
12/21/2007 04:02 PM 14,033 pos96F.tmp
12/19/2007 08:13 PM 6,033 pos97.tmp
12/21/2007 04:02 PM 7,033 pos970.tmp
12/21/2007 04:02 PM 12,033 pos971.tmp
12/21/2007 04:02 PM 6,033 pos972.tmp
12/21/2007 04:02 PM 8,033 pos973.tmp
12/21/2007 04:02 PM 13,033 pos974.tmp
12/21/2007 04:02 PM 14,033 pos975.tmp
12/21/2007 04:02 PM 6,033 pos976.tmp
12/21/2007 04:02 PM 14,033 pos977.tmp
12/21/2007 04:02 PM 10,033 pos978.tmp
12/21/2007 04:02 PM 5,033 pos979.tmp
12/21/2007 04:02 PM 6,033 pos97A.tmp
12/21/2007 04:02 PM 5,033 pos97B.tmp
12/21/2007 04:02 PM 14,033 pos97C.tmp
12/21/2007 04:02 PM 8,033 pos97D.tmp
12/21/2007 04:02 PM 5,033 pos97E.tmp
12/21/2007 04:02 PM 9,033 pos97F.tmp
12/19/2007 08:13 PM 11,033 pos98.tmp
12/21/2007 04:02 PM 11,033 pos980.tmp
12/21/2007 04:02 PM 5,033 pos981.tmp
12/21/2007 04:02 PM 10,033 pos982.tmp
12/21/2007 04:02 PM 12,033 pos983.tmp
12/21/2007 04:02 PM 6,033 pos984.tmp
12/21/2007 04:02 PM 6,033 pos985.tmp
12/21/2007 04:02 PM 8,033 pos986.tmp
12/21/2007 04:02 PM 11,033 pos987.tmp
12/21/2007 04:02 PM 11,033 pos988.tmp
12/21/2007 04:02 PM 9,033 pos989.tmp
12/21/2007 04:02 PM 13,033 pos98A.tmp
12/21/2007 04:02 PM 9,033 pos98B.tmp
12/21/2007 04:02 PM 14,033 pos98C.tmp
12/21/2007 04:02 PM 13,033 pos98D.tmp
12/21/2007 04:02 PM 8,033 pos98E.tmp
12/21/2007 04:02 PM 6,033 pos98F.tmp
12/19/2007 08:13 PM 7,033 pos99.tmp
12/21/2007 04:02 PM 11,033 pos990.tmp
12/21/2007 04:02 PM 9,033 pos991.tmp
12/21/2007 04:02 PM 12,033 pos992.tmp
12/21/2007 04:02 PM 5,033 pos993.tmp
12/21/2007 04:02 PM 10,033 pos994.tmp
12/21/2007 04:02 PM 10,033 pos995.tmp
12/21/2007 04:02 PM 13,033 pos996.tmp
12/21/2007 04:02 PM 14,033 pos997.tmp
12/21/2007 04:02 PM 5,033 pos998.tmp
12/21/2007 04:02 PM 12,033 pos999.tmp
12/21/2007 04:02 PM 14,033 pos99A.tmp
12/21/2007 04:02 PM 8,033 pos99B.tmp
12/21/2007 04:02 PM 6,033 pos99C.tmp
12/21/2007 04:02 PM 12,033 pos99D.tmp
12/21/2007 04:02 PM 5,033 pos99E.tmp
12/21/2007 04:02 PM 14,033 pos99F.tmp
12/19/2007 08:13 PM 11,033 pos9A.tmp
12/21/2007 04:02 PM 10,033 pos9A0.tmp
12/21/2007 04:02 PM 9,033 pos9A1.tmp
12/21/2007 04:02 PM 6,033 pos9A2.tmp
12/21/2007 04:02 PM 5,033 pos9A3.tmp
12/21/2007 04:02 PM 6,033 pos9A4.tmp
12/21/2007 04:02 PM 7,033 pos9A5.tmp
12/21/2007 04:02 PM 10,033 pos9A6.tmp
12/21/2007 04:02 PM 12,033 pos9A7.tmp
12/21/2007 04:02 PM 5,033 pos9A8.tmp
12/21/2007 04:02 PM 10,033 pos9A9.tmp
12/21/2007 04:02 PM 12,033 pos9AA.tmp
12/21/2007 04:02 PM 10,033 pos9AB.tmp
12/21/2007 04:02 PM 5,033 pos9AC.tmp
12/21/2007 04:02 PM 6,033 pos9AD.tmp
12/21/2007 04:02 PM 10,033 pos9AE.tmp
12/21/2007 04:02 PM 7,033 pos9AF.tmp
12/19/2007 08:13 PM 8,033 pos9B.tmp
12/21/2007 04:02 PM 6,033 pos9B0.tmp
12/21/2007 04:02 PM 5,033 pos9B1.tmp
12/21/2007 04:02 PM 6,033 pos9B2.tmp
12/21/2007 04:02 PM 8,033 pos9B3.tmp
12/21/2007 04:02 PM 8,033 pos9B4.tmp
12/21/2007 04:02 PM 9,033 pos9B5.tmp
12/21/2007 04:02 PM 10,033 pos9B6.tmp
12/21/2007 04:02 PM 14,033 pos9B7.tmp
12/21/2007 04:02 PM 9,033 pos9B8.tmp
12/21/2007 04:02 PM 9,033 pos9B9.tmp
12/21/2007 04:02 PM 12,033 pos9BA.tmp
12/21/2007 04:02 PM 14,033 pos9BB.tmp
12/21/2007 04:02 PM 6,033 pos9BC.tmp
12/21/2007 04:02 PM 13,033 pos9BD.tmp
12/21/2007 04:02 PM 12,033 pos9BE.tmp
12/21/2007 04:02 PM 5,033 pos9BF.tmp
12/19/2007 08:13 PM 10,033 pos9C.tmp
12/21/2007 04:02 PM 13,033 pos9C0.tmp
12/21/2007 04:02 PM 14,033 pos9C1.tmp
12/21/2007 04:02 PM 12,033 pos9C2.tmp
12/21/2007 04:02 PM 7,033 pos9C3.tmp
12/21/2007 04:02 PM 7,033 pos9C5.tmp
12/21/2007 07:38 PM 7,033 pos9C6.tmp
12/21/2007 07:38 PM 6,033 pos9C7.tmp
12/21/2007 09:06 PM 7,033 pos9C8.tmp
12/21/2007 07:38 PM 9,033 pos9C9.tmp
12/21/2007 07:38 PM 9,033 pos9CA.tmp
12/21/2007 07:38 PM 10,033 pos9CB.tmp
12/21/2007 07:38 PM 6,033 pos9CC.tmp
12/21/2007 07:38 PM 10,033 pos9CD.tmp
12/21/2007 07:38 PM 10,033 pos9CE.tmp
12/21/2007 07:38 PM 8,033 pos9CF.tmp
12/19/2007 08:13 PM 7,033 pos9D.tmp
12/21/2007 07:38 PM 10,033 pos9D0.tmp
12/21/2007 07:38 PM 6,033 pos9D1.tmp
12/21/2007 07:38 PM 12,033 pos9D2.tmp
12/21/2007 07:38 PM 10,033 pos9D3.tmp
12/21/2007 07:38 PM 12,033 pos9D4.tmp
12/21/2007 07:38 PM 10,033 pos9D5.tmp
12/21/2007 07:38 PM 14,033 pos9D6.tmp
12/21/2007 07:38 PM 13,033 pos9D7.tmp
12/21/2007 07:38 PM 5,033 pos9D8.tmp
12/21/2007 07:38 PM 13,033 pos9D9.tmp
12/21/2007 09:06 PM 9,033 pos9DA.tmp
12/21/2007 07:38 PM 12,033 pos9DB.tmp
12/21/2007 09:06 PM 6,033 pos9DC.tmp
12/21/2007 07:38 PM 7,033 pos9DD.tmp
12/21/2007 07:38 PM 8,033 pos9DE.tmp
12/21/2007 07:38 PM 12,033 pos9DF.tmp
12/19/2007 08:13 PM 8,033 pos9E.tmp
12/21/2007 07:38 PM 11,033 pos9E0.tmp
12/21/2007 07:38 PM 5,033 pos9E1.tmp
12/21/2007 07:38 PM 10,033 pos9E2.tmp
12/21/2007 07:38 PM 6,033 pos9E3.tmp
12/21/2007 07:38 PM 9,033 pos9E4.tmp
12/21/2007 07:38 PM 8,033 pos9E5.tmp
12/21/2007 07:38 PM 14,033 pos9E6.tmp
12/21/2007 07:38 PM 9,033 pos9E7.tmp
12/21/2007 07:38 PM 10,033 pos9E8.tmp
12/21/2007 07:38 PM 5,033 pos9E9.tmp
12/21/2007 07:38 PM 14,033 pos9EA.tmp
12/21/2007 07:38 PM 10,033 pos9EB.tmp
12/21/2007 07:38 PM 12,033 pos9EC.tmp

Wizit
2007-12-28, 02:30
12/21/2007 07:38 PM 8,033 pos9ED.tmp
12/21/2007 07:38 PM 13,033 pos9EE.tmp
12/21/2007 07:38 PM 9,033 pos9EF.tmp
12/19/2007 08:13 PM 12,033 pos9F.tmp
12/21/2007 07:38 PM 5,033 pos9F0.tmp
12/21/2007 07:38 PM 6,033 pos9F1.tmp
12/21/2007 07:38 PM 11,033 pos9F2.tmp
12/21/2007 07:38 PM 5,033 pos9F3.tmp
12/21/2007 07:38 PM 7,033 pos9F4.tmp
12/21/2007 07:38 PM 5,033 pos9F5.tmp
12/21/2007 07:38 PM 11,033 pos9F6.tmp
12/21/2007 07:38 PM 12,033 pos9F7.tmp
12/21/2007 07:38 PM 12,033 pos9F8.tmp
12/21/2007 07:38 PM 13,033 pos9F9.tmp
12/21/2007 07:38 PM 9,033 pos9FA.tmp
12/21/2007 07:38 PM 5,033 pos9FB.tmp
12/21/2007 07:38 PM 11,033 pos9FC.tmp
12/21/2007 07:38 PM 11,033 pos9FD.tmp
12/21/2007 07:38 PM 5,033 pos9FE.tmp
12/21/2007 07:38 PM 5,033 pos9FF.tmp
12/19/2007 08:13 PM 5,033 posA0.tmp
12/21/2007 07:38 PM 13,033 posA00.tmp
12/21/2007 07:38 PM 8,033 posA01.tmp
12/21/2007 07:38 PM 8,033 posA02.tmp
12/21/2007 07:38 PM 10,033 posA03.tmp
12/21/2007 07:38 PM 7,033 posA04.tmp
12/21/2007 07:38 PM 13,033 posA05.tmp
12/21/2007 07:38 PM 7,033 posA06.tmp
12/21/2007 07:38 PM 6,033 posA07.tmp
12/21/2007 07:38 PM 9,033 posA08.tmp
12/21/2007 07:38 PM 13,033 posA09.tmp
12/21/2007 07:38 PM 14,033 posA0A.tmp
12/21/2007 07:38 PM 10,033 posA0B.tmp
12/21/2007 07:38 PM 14,033 posA0C.tmp
12/21/2007 07:38 PM 12,033 posA0D.tmp
12/21/2007 07:38 PM 10,033 posA0E.tmp
12/21/2007 07:38 PM 13,033 posA0F.tmp
12/19/2007 08:13 PM 6,033 posA1.tmp
12/21/2007 07:38 PM 7,033 posA10.tmp
12/21/2007 07:38 PM 5,033 posA11.tmp
12/21/2007 07:38 PM 6,033 posA12.tmp
12/21/2007 07:38 PM 6,033 posA13.tmp
12/21/2007 07:38 PM 12,033 posA14.tmp
12/21/2007 07:38 PM 10,033 posA15.tmp
12/21/2007 07:38 PM 10,033 posA16.tmp
12/21/2007 07:38 PM 12,033 posA17.tmp
12/21/2007 07:38 PM 11,033 posA18.tmp
12/21/2007 07:38 PM 10,033 posA19.tmp
12/21/2007 07:38 PM 8,033 posA1A.tmp
12/21/2007 07:38 PM 5,033 posA1B.tmp
12/21/2007 07:38 PM 14,033 posA1C.tmp
12/21/2007 07:38 PM 11,033 posA1D.tmp
12/21/2007 07:38 PM 9,033 posA1E.tmp
12/21/2007 07:38 PM 10,033 posA1F.tmp
12/19/2007 08:13 PM 8,033 posA2.tmp
12/21/2007 07:38 PM 11,033 posA20.tmp
12/21/2007 07:38 PM 7,033 posA21.tmp
12/21/2007 07:38 PM 6,033 posA22.tmp
12/21/2007 07:38 PM 6,033 posA23.tmp
12/21/2007 07:38 PM 6,033 posA2A.tmp
12/21/2007 07:38 PM 12,033 posA2B.tmp
12/21/2007 07:38 PM 7,033 posA2C.tmp
12/21/2007 07:38 PM 10,033 posA2D.tmp
12/21/2007 07:38 PM 8,033 posA2E.tmp
12/21/2007 07:38 PM 6,033 posA2F.tmp
12/19/2007 08:13 PM 14,033 posA3.tmp
12/21/2007 07:38 PM 12,033 posA3A.tmp
12/21/2007 07:38 PM 7,033 posA3B.tmp
12/21/2007 07:38 PM 14,033 posA3C.tmp
12/21/2007 07:38 PM 10,033 posA3D.tmp
12/21/2007 07:38 PM 6,033 posA3E.tmp
12/21/2007 07:38 PM 9,033 posA3F.tmp
12/19/2007 08:13 PM 6,033 posA4.tmp
12/21/2007 07:38 PM 14,033 posA4A.tmp
12/21/2007 07:38 PM 11,033 posA4B.tmp
12/21/2007 07:38 PM 12,033 posA4C.tmp
12/21/2007 07:38 PM 8,033 posA4D.tmp
12/21/2007 07:38 PM 8,033 posA4E.tmp
12/21/2007 07:38 PM 14,033 posA4F.tmp
12/19/2007 08:13 PM 11,033 posA5.tmp
12/21/2007 07:38 PM 13,033 posA5A.tmp
12/21/2007 07:38 PM 12,033 posA5B.tmp
12/21/2007 07:38 PM 8,033 posA5C.tmp
12/21/2007 07:38 PM 10,033 posA5D.tmp
12/21/2007 07:38 PM 9,033 posA5E.tmp
12/21/2007 07:38 PM 13,033 posA5F.tmp
12/19/2007 08:13 PM 10,033 posA6.tmp
12/21/2007 07:38 PM 5,033 posA6A.tmp
12/21/2007 07:38 PM 14,033 posA6B.tmp
12/21/2007 07:38 PM 6,033 posA6C.tmp
12/21/2007 07:38 PM 11,033 posA6D.tmp
12/21/2007 07:38 PM 6,033 posA6E.tmp
12/21/2007 07:38 PM 13,033 posA6F.tmp
12/19/2007 08:13 PM 12,033 posA7.tmp
12/21/2007 07:38 PM 12,033 posA7A.tmp
12/21/2007 07:38 PM 10,033 posA7B.tmp
12/21/2007 07:38 PM 12,033 posA7C.tmp
12/21/2007 07:38 PM 8,033 posA7D.tmp
12/21/2007 07:38 PM 6,033 posA7E.tmp
12/21/2007 07:38 PM 8,033 posA7F.tmp
12/19/2007 08:13 PM 10,033 posA8.tmp
12/21/2007 07:38 PM 11,033 posA8A.tmp
12/21/2007 09:06 PM 5,033 posA8B.tmp
12/21/2007 07:38 PM 6,033 posA8C.tmp
12/21/2007 07:38 PM 12,033 posA8D.tmp
12/21/2007 07:38 PM 11,033 posA8E.tmp
12/21/2007 07:38 PM 12,033 posA8F.tmp
12/19/2007 08:13 PM 9,033 posA9.tmp
12/21/2007 07:38 PM 5,033 posA9A.tmp
12/21/2007 07:38 PM 9,033 posA9B.tmp
12/21/2007 07:38 PM 6,033 posA9C.tmp
12/21/2007 07:38 PM 14,033 posA9D.tmp
12/21/2007 07:38 PM 7,033 posA9E.tmp
12/21/2007 07:38 PM 10,033 posA9F.tmp
2541 File(s) 24,090,853 bytes
0 Dir(s) 7,454,736,384 bytes free
Volume in drive C has no label.
Volume Serial Number is 48F2-F4C7

Directory of C:\

12/19/2007 09:01 PM 9,033 pos1.tmp
12/19/2007 09:01 PM 10,033 pos10.tmp
12/19/2007 09:01 PM 11,033 pos11.tmp
12/19/2007 09:01 PM 8,033 pos12.tmp
12/19/2007 09:01 PM 13,033 pos13.tmp
12/19/2007 09:01 PM 7,033 pos14.tmp
12/19/2007 09:01 PM 10,033 pos15.tmp
12/19/2007 09:01 PM 8,033 pos16.tmp
12/19/2007 09:01 PM 13,033 pos17.tmp
12/19/2007 09:01 PM 8,033 pos18.tmp
12/19/2007 09:01 PM 11,033 pos19.tmp
12/19/2007 09:01 PM 10,033 pos1A.tmp
12/19/2007 09:01 PM 13,033 pos1B.tmp
12/19/2007 09:01 PM 11,033 pos1C.tmp
12/19/2007 09:01 PM 7,033 pos1D.tmp
12/19/2007 09:01 PM 12,033 pos1E.tmp
12/19/2007 09:01 PM 5,033 pos1F.tmp
12/19/2007 09:01 PM 11,033 pos2.tmp
12/19/2007 09:01 PM 9,033 pos20.tmp
12/19/2007 09:01 PM 5,033 pos21.tmp
12/19/2007 09:01 PM 8,033 pos22.tmp
12/19/2007 09:01 PM 5,033 pos23.tmp
12/19/2007 09:01 PM 11,033 pos24.tmp
12/19/2007 09:01 PM 10,033 pos25.tmp
12/19/2007 09:01 PM 12,033 pos26.tmp
12/19/2007 09:01 PM 8,033 pos27.tmp
12/19/2007 09:01 PM 14,033 pos28.tmp
12/19/2007 09:01 PM 8,033 pos29.tmp
12/19/2007 08:12 PM 5,033 pos2A.tmp
12/19/2007 08:12 PM 13,033 pos2B.tmp
12/19/2007 09:01 PM 12,033 pos2C.tmp
12/19/2007 08:12 PM 9,033 pos2D.tmp
12/19/2007 08:12 PM 6,033 pos2E.tmp
12/19/2007 08:12 PM 12,033 pos2F.tmp
12/19/2007 09:01 PM 7,033 pos3.tmp
12/19/2007 08:12 PM 6,033 pos30.tmp
12/19/2007 08:12 PM 6,033 pos31.tmp
12/19/2007 08:12 PM 8,033 pos32.tmp
12/19/2007 08:12 PM 13,033 pos33.tmp
12/19/2007 08:12 PM 6,033 pos34.tmp
12/19/2007 08:12 PM 13,033 pos35.tmp
12/19/2007 08:12 PM 6,033 pos36.tmp
12/19/2007 08:12 PM 13,033 pos37.tmp
12/19/2007 08:12 PM 14,033 pos38.tmp
12/19/2007 08:13 PM 9,033 pos39.tmp
12/19/2007 08:13 PM 5,033 pos3A.tmp
12/19/2007 08:13 PM 14,033 pos3B.tmp
12/19/2007 08:13 PM 12,033 pos3C.tmp
12/19/2007 08:13 PM 10,033 pos3D.tmp
12/19/2007 08:13 PM 7,033 pos3E.tmp
12/19/2007 08:13 PM 11,033 pos3F.tmp
12/19/2007 09:01 PM 7,033 pos4.tmp
12/19/2007 08:13 PM 13,033 pos40.tmp
12/19/2007 08:13 PM 7,033 pos41.tmp
12/19/2007 08:13 PM 12,033 pos42.tmp
12/19/2007 08:13 PM 11,033 pos44.tmp
12/19/2007 08:13 PM 8,033 pos45.tmp
12/19/2007 08:13 PM 6,033 pos46.tmp
12/19/2007 08:13 PM 10,033 pos47.tmp
12/19/2007 08:13 PM 12,033 pos48.tmp
12/19/2007 08:13 PM 12,033 pos49.tmp
12/19/2007 08:13 PM 11,033 pos4A.tmp
12/19/2007 08:13 PM 12,033 pos4B.tmp
12/19/2007 08:13 PM 5,033 pos4C.tmp
12/19/2007 08:13 PM 14,033 pos4D.tmp
12/19/2007 08:13 PM 12,033 pos4E.tmp
12/19/2007 08:13 PM 14,033 pos4F.tmp
12/19/2007 09:01 PM 9,033 pos5.tmp
12/19/2007 08:13 PM 9,033 pos50.tmp
12/19/2007 08:13 PM 11,033 pos51.tmp
12/19/2007 08:13 PM 14,033 pos52.tmp
12/19/2007 08:13 PM 7,033 pos53.tmp
12/19/2007 08:13 PM 5,033 pos54.tmp
12/19/2007 08:13 PM 9,033 pos55.tmp
12/19/2007 08:13 PM 7,033 pos56.tmp
12/19/2007 08:13 PM 12,033 pos57.tmp
12/19/2007 08:13 PM 9,033 pos58.tmp
12/19/2007 08:13 PM 6,033 pos59.tmp
12/19/2007 09:01 PM 7,033 pos5A.tmp
12/19/2007 08:13 PM 7,033 pos5B.tmp
12/19/2007 08:13 PM 10,033 pos5C.tmp
12/19/2007 08:13 PM 6,033 pos5D.tmp
12/19/2007 08:13 PM 12,033 pos5E.tmp
12/19/2007 08:13 PM 7,033 pos5F.tmp
12/19/2007 09:01 PM 12,033 pos6.tmp
12/19/2007 08:13 PM 11,033 pos60.tmp
12/19/2007 08:13 PM 7,033 pos61.tmp
12/19/2007 08:13 PM 10,033 pos62.tmp
12/19/2007 08:13 PM 9,033 pos63.tmp
12/19/2007 08:13 PM 8,033 pos64.tmp
12/19/2007 08:13 PM 9,033 pos65.tmp
12/19/2007 08:13 PM 7,033 pos66.tmp
12/19/2007 08:13 PM 7,033 pos67.tmp
12/19/2007 08:13 PM 9,033 pos68.tmp
12/19/2007 08:13 PM 7,033 pos69.tmp
12/19/2007 08:13 PM 6,033 pos6A.tmp
12/19/2007 08:13 PM 11,033 pos6B.tmp
12/19/2007 08:13 PM 9,033 pos6C.tmp
12/19/2007 08:13 PM 5,033 pos6D.tmp
12/19/2007 08:13 PM 8,033 pos6E.tmp
12/19/2007 08:13 PM 13,033 pos6F.tmp
12/19/2007 09:01 PM 8,033 pos7.tmp
12/19/2007 08:13 PM 6,033 pos70.tmp
12/19/2007 08:13 PM 8,033 pos71.tmp
12/19/2007 08:13 PM 9,033 pos72.tmp
12/19/2007 08:13 PM 13,033 pos73.tmp
12/19/2007 08:13 PM 8,033 pos74.tmp
12/19/2007 08:13 PM 7,033 pos75.tmp
12/19/2007 08:13 PM 14,033 pos76.tmp
12/19/2007 08:13 PM 5,033 pos77.tmp
12/19/2007 08:13 PM 8,033 pos78.tmp
12/19/2007 08:13 PM 7,033 pos79.tmp
12/19/2007 08:13 PM 14,033 pos7A.tmp
12/19/2007 08:13 PM 8,033 pos7B.tmp
12/19/2007 08:13 PM 5,033 pos7C.tmp
12/19/2007 08:13 PM 11,033 pos7D.tmp
12/19/2007 08:13 PM 9,033 pos7E.tmp
12/19/2007 08:13 PM 12,033 pos7F.tmp
12/19/2007 09:01 PM 11,033 pos8.tmp
12/19/2007 08:13 PM 12,033 pos80.tmp
12/19/2007 08:13 PM 13,033 pos81.tmp
12/19/2007 08:13 PM 9,033 pos82.tmp
12/19/2007 08:13 PM 6,033 pos83.tmp
12/19/2007 08:13 PM 13,033 pos84.tmp
12/19/2007 08:13 PM 13,033 pos85.tmp
12/19/2007 08:13 PM 9,033 pos86.tmp
12/19/2007 08:13 PM 12,033 pos87.tmp
12/19/2007 08:13 PM 6,033 pos88.tmp
12/19/2007 08:13 PM 6,033 pos89.tmp
12/19/2007 08:13 PM 14,033 pos8A.tmp
12/19/2007 08:13 PM 11,033 pos8B.tmp
12/19/2007 08:13 PM 5,033 pos8C.tmp
12/19/2007 08:13 PM 9,033 pos8D.tmp
12/19/2007 08:13 PM 11,033 pos8E.tmp
12/19/2007 08:13 PM 7,033 pos8F.tmp
12/19/2007 09:01 PM 9,033 pos9.tmp
12/19/2007 08:13 PM 7,033 pos90.tmp
12/19/2007 08:13 PM 7,033 pos91.tmp
12/19/2007 08:13 PM 12,033 pos92.tmp
12/19/2007 08:13 PM 8,033 pos93.tmp
12/19/2007 08:13 PM 6,033 pos94.tmp
12/19/2007 08:13 PM 6,033 pos95.tmp
12/19/2007 08:13 PM 10,033 pos96.tmp
12/19/2007 08:13 PM 6,033 pos97.tmp
12/19/2007 08:13 PM 11,033 pos98.tmp
12/19/2007 08:13 PM 7,033 pos99.tmp
12/19/2007 08:13 PM 11,033 pos9A.tmp
12/19/2007 08:13 PM 8,033 pos9B.tmp
12/19/2007 08:13 PM 10,033 pos9C.tmp
12/19/2007 08:13 PM 7,033 pos9D.tmp
12/19/2007 08:13 PM 8,033 pos9E.tmp
12/19/2007 08:13 PM 12,033 pos9F.tmp
12/19/2007 08:13 PM 5,033 posA0.tmp
12/19/2007 08:13 PM 6,033 posA1.tmp
12/19/2007 08:13 PM 8,033 posA2.tmp
12/19/2007 08:13 PM 14,033 posA3.tmp
12/19/2007 08:13 PM 6,033 posA4.tmp
12/19/2007 08:13 PM 11,033 posA5.tmp
12/19/2007 08:13 PM 10,033 posA6.tmp
12/19/2007 08:13 PM 12,033 posA7.tmp
12/19/2007 08:13 PM 10,033 posA8.tmp
12/19/2007 08:13 PM 9,033 posA9.tmp
162 File(s) 1,505,346 bytes
0 Dir(s) 7,454,720,000 bytes free
Volume in drive C has no label.
Volume Serial Number is 48F2-F4C7

Directory of C:\

12/19/2007 09:01 PM 9,033 pos1.tmp
12/19/2007 09:01 PM 11,033 pos2.tmp
12/19/2007 09:01 PM 7,033 pos3.tmp
12/19/2007 09:01 PM 7,033 pos4.tmp
12/19/2007 09:01 PM 9,033 pos5.tmp
12/19/2007 09:01 PM 12,033 pos6.tmp
12/19/2007 09:01 PM 8,033 pos7.tmp
12/19/2007 09:01 PM 11,033 pos8.tmp
12/19/2007 09:01 PM 9,033 pos9.tmp
9 File(s) 83,297 bytes
0 Dir(s) 7,454,724,096 bytes free

katana
2007-12-28, 02:46
I was going to write a script to delete those files, but I don't think it would fit in the post :sick:

Navigate to your C:\ drive, then right click and select "arrange icons" >> " by type"

Find the Pos***.tmp files, and select them all then right click "delete"

That will be the best way of getting rid of them.

empty your recycle bin and then reboot.

Check the C:\ drive and make sure none have reappeared.

Let me know how you get on.

Wizit
2007-12-28, 21:53
all the temp files are gone and everything is running smoothly, the thing still has a red X as an icon. I'm Guessing this isnt a big deal.:scratch:

:crowned:Thanks for all of your help.:crowned:
You Rock:2thumb:

katana
2007-12-28, 22:10
Do you know what this is ?
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe

Please re-run ComboFix and post the log.

Wizit
2007-12-29, 20:58
yes i do know what that is but i really dont need it.
Ill get to posting you that log right away.

Wizit
2007-12-29, 21:22
ComboFix 07-12-21.4 - jd 2007-12-29 13:01:11.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.224 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-27 19:01 . 2007-12-27 19:01 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\AVG7
2007-12-27 07:28 . 2007-12-27 07:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-25 11:38 . 2007-12-28 13:17 82 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-29 08:00 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-28 13:57 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-24 19:23 <DIR> d-------- C:\Program Files\LimeWire
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 13:05 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_12.41.06.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-27 13:56:09 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:56:09 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-27 13:28:21 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:28:21 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 13:05:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 13:07:10
C:\ComboFix2.txt ... 2007-12-27 18:15
C:\ComboFix3.txt ... 2007-12-25 19:07
.
2007-12-12 01:06:33 --- E O F ---

Wizit
2007-12-29, 21:25
heres the log ComboFix 07-12-21.4 - jd 2007-12-29 13:01:11.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.224 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-27 19:01 . 2007-12-27 19:01 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\AVG7
2007-12-27 07:28 . 2007-12-27 07:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-25 11:38 . 2007-12-28 13:17 82 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 10:53 . 2007-12-25 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-29 08:00 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-28 13:57 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-24 19:23 <DIR> d-------- C:\Program Files\LimeWire
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 13:05 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_12.41.06.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-27 13:56:09 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:56:09 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-24 06:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-27 13:28:21 5,476,352 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-27 13:28:21 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 13:05:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 13:07:10
C:\ComboFix2.txt ... 2007-12-27 18:15
C:\ComboFix3.txt ... 2007-12-25 19:07
.
2007-12-12 01:06:33 --- E O F ---

Wizit
2007-12-29, 21:29
whoops, my pc is messin up,:nono: those 2 logs are the same,:trample: only use the first one. Lol sorry.:laugh:

Wizit
2007-12-29, 21:40
oh wow. I just notaced that the MRU Honors Grad thing was a link.:) Did you really spend like 6 months training to help people:eek: Thats amazing:eek: Dude, you are ownage:bow: I might want to join the MRU when im clean:laugh:

katana
2007-12-29, 21:46
I spent 12 months training to do this :laugh:
You are more than welcome to join :bigthumb:
Do you still have the red X instead of the C drive ?

Try a reboot if you haven't already.

Wizit
2007-12-31, 03:06
The Red X is still there. Any other ideas?

katana
2007-12-31, 03:13
Let's try another scan to see if anything is hiding.

We will tidy up a bit first, so that we aren't detecting the same things.

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

You can also delete any logs we have produced, and empty your Recycle bin.

Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.



TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan (http://www.nanoscan.com/as/v1/?) << LINK

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

Wizit
2007-12-31, 08:19
Alright, i scanned and i saved the log. BTW, we got this new raspberry tea and it was pretty good:coffee:, concidering most of them really dont taste good.:sick:

Anyways here is the log:)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-31 00:14:00
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.516 7.5.516 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\jd\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.com.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[landing.domainsponsor.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[landing.domainsponsor.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[landing.domainsponsor.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Kyle\Cookies\kyle@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.questionmarket.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@bluestreak[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Application Data\Mozilla\Firefox\Profiles\jty4m65g.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@go[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\jd\Cookies\jd@ads.addynamix[1].txt
00388566 Sniffer/WpePro HackTools No 0 Yes No C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WpeSpy.dll
01143714 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\mouserec.exe
01143714 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\GMouse20\Gmouse.exe
01143714 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Macros\mouserec.exe
02415516 Sniffer/WpePro HackTools No 0 Yes No C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2007-12-31, 14:38
Delete the following as they are infected.

C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\mouserec.exe
C:\GMouse20
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Macros\mouserec.exe

In fact I would suggest that you delete this entire folder, as it is these cheats that have caused your problems
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos

These can be deleted as they are no longer needed

C:\Documents and Settings\jd\Desktop\SDFix.exe
C:\SDFix.

Malware writers use Cheat programs, Hacks and Cracks, and Warez to get their infections spread.
I would not recommend the use of any of the above if you wish to stay clean and safe.

Please post a final HJT log in your reply

Wizit
2008-01-01, 06:03
It is sad:sad:. I am so used to getting up every morning and checking this post. Its gona be so hard not doing that lol. Heres my final log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:07 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186100614029
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

--
End of file - 5546 bytes

katana
2008-01-01, 13:17
Congratulations your logs look clean :D

Let’s see if I can help you keep it that way

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

The following is some info to help you stay safe and clean.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.kaspersky.com/virusscanner

Firewall
You do not appear to have a firewall.
A third party firewall is much safer than the Windows basic firewall , as it stops malware that does get on your PC from contacting "home"
Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
It is recommended to have only one Firewall active.
Comodo Firewall (http://www.personalfirewall.comodo.com/)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/index.php)
zonealarm Firewall (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp)

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All of the programs in this list have a free version,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

tashi
2008-01-09, 01:08
Wizit

If you could post back one more time to let me know everything is OK, then I can have this thread archived. ;)

tashi
2008-01-13, 19:00
Hmmmm.

Thank you katana.

katana
2008-01-13, 19:01
No problem Tashi :rolleyes: