First, thank you for your help. I downloaded AVG and did a scan in safe mode and AVG delt with about 40 viruses then I scanned with Spybot and dealt with everything that came up except for Smithfaud. I then removed AVG and downloaded and installed a trial version of Kaspersky which found a lot more viruses but was unable to remove some of them. I am pasting the log from Hijackthis and I also have a log from Kaspersky Online Scanning that I will include in a seperate post. Again, thank you for your help in this matter. Cindy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:45 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\xxyawvu.dll (file missing)
O2 - BHO: (no name) - {93E819DE-EAA4-47E7-B780-B730C3A72382} - C:\Program Files\Windows NT\nipyradi4444.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINDOWS\system32\tuvvtsq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {C65FACD8-6526-4782-AEC1-C32E0468A3A0} - C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
O2 - BHO: (no name) - {C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2} - C:\Program Files\Windows NT\nipyradi83122.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: {8f2b0dc8-83b6-376b-dcf4-b5e5e5a6964e} - {e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8} - C:\WINDOWS\system32\rpscguqg.dll (file missing)
O2 - BHO: (no name) - {e78dcb95-f7c1-4827-b1bf-f10c2fd2ba7c} - C:\WINDOWS\system32\xweesen.dll
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DioCleaner] C:\Program Files\DioCleaner\DioCleaner.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbxxxvv - cbxxxvv.dll (file missing)
O20 - Winlogon Notify: qhxavjta - qhxavjta.dll (file missing)
O20 - Winlogon Notify: tuvvtsq - tuvvtsq.dll (file missing)
O20 - Winlogon Notify: xxyawvu - xxyawvu.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Hosts Plugin - Unknown owner - C:\WINDOWS\system32\spoolcv.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11037 bytes

Cindy

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Let me tell ya, you have a very heavily infected computer :lip:


We are going to have to run a few tools, do these in order please. What I would do is to download them all to your desktop and then disconnect from the internet so more stuff does not install. I need to see all the reports so take as many replies as you need.


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log




Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall



Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up




The thieves that have written Vundo have written it to evade a HJT scan so we need to rename it

This is important, do this before you post a HJT log
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<-- Right click on Hijackthis.exe ( looks like a man with a spyglass )and rename it to Cindy.exe



So.... i need to see.

1. SDBot report
2. Vundofix report
3. Combofix report
4. New HJT log renamed please

SDFix: Version 1.125

Run by Fred Thomas on Thu 01/10/2008 at 11:34 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
FCI
Windows Hosts Plugin

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
"C:\WINDOWS\system32\spoolcv.exe"

FCI - Deleted
Windows Hosts Plugin - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\COMMON~1\RYBI - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\s32.exe - Deleted
C:\WINDOWS\hotporn.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Folder C:\Program Files\Helper - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 11:46:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\VisualBoyAdvance.exe"="C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\vbalink180b0\\VisualBoyAdvance.exe"="C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\vbalink180b0\\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\bgb_1.2\\bgb.exe"="C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\bgb_1.2\\bgb.exe:*:Enabled:bgb"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\vbalan\\vba.exe"="C:\\Documents and Settings\\Stephanie Thomas\\Desktop\\vbalan\\vba.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:LocalSubNet:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"="C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Thu 22 Nov 2007 104 ..SHR --- "C:\WINDOWS\system32\96475175BD.sys"
Sat 15 Dec 2007 6,519 A.SH. --- "C:\WINDOWS\system32\ayadd.bak1"
Wed 2 Jan 2008 629,513 A.SH. --- "C:\WINDOWS\system32\ayadd.bak2"
Wed 25 Apr 2007 88 ..SHR --- "C:\WINDOWS\system32\BD75514796.sys"
Fri 23 Nov 2007 8,456 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 2 Jan 2008 21,950 ..SH. --- "C:\WINDOWS\system32\qhxavjta.dllbox"
Sun 1 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 11 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\FOR11.tmp"
Sun 11 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\FOR13.tmp"
Sun 11 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\FORF.tmp"
Sun 11 Nov 2007 11,716 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\ZTR10.tmp"
Sun 11 Nov 2007 8,364 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\ZTR12.tmp"
Sun 11 Nov 2007 12,944 ...H. --- "C:\Documents and Settings\Stephanie Thomas\Local Settings\Temp\ZTRE.tmp"
Wed 26 Sep 2007 8 A..H. --- "C:\Documents and Settings\Fred Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 26 Sep 2007 8 A..H. --- "C:\Documents and Settings\Fred Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 26 Sep 2007 8 A..H. --- "C:\Documents and Settings\Fred Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 26 Sep 2007 8 A..H. --- "C:\Documents and Settings\Fred Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Wed 19 Sep 2007 8 A..H. --- "C:\Documents and Settings\Laurie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 19 Sep 2007 8 A..H. --- "C:\Documents and Settings\Laurie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 19 Sep 2007 8 A..H. --- "C:\Documents and Settings\Laurie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 19 Sep 2007 8 A..H. --- "C:\Documents and Settings\Laurie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Stephanie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Stephanie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Stephanie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Stephanie Thomas\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:50:39 AM 1/10/2008

Listing files found while scanning....

C:\windows\system32\qhxavjta.dllbox
C:\WINDOWS\system32\xxyawvu.dll

Beginning removal...

Attempting to delete C:\windows\system32\qhxavjta.dllbox
C:\windows\system32\qhxavjta.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

ComboFix 08-01-10.2 - Fred Thomas 2008-01-10 12:27:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -6:00]
Running from: C:\Documents and Settings\Fred Thomas\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Stephanie Thomas\Application Data\SMANTE~1
C:\Documents and Settings\Stephanie Thomas\err.log
C:\pos1.tmp
C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos2.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp

C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos408.tmp
C:\pos409.tmp
C:\pos40A.tmp
C:\pos40B.tmp
C:\pos40C.tmp
C:\pos40D.tmp
C:\pos40E.tmp
C:\pos40F.tmp
C:\pos41.tmp
C:\pos410.tmp
C:\pos411.tmp
C:\pos412.tmp
C:\pos413.tmp
C:\pos414.tmp
C:\pos415.tmp
C:\pos416.tmp
C:\pos417.tmp
C:\pos418.tmp
C:\pos419.tmp
C:\pos41A.tmp
C:\pos41B.tmp
C:\pos41C.tmp
C:\pos41D.tmp
C:\pos41E.tmp
C:\pos41F.tmp
C:\pos42.tmp
C:\pos420.tmp
C:\pos421.tmp
C:\pos422.tmp
C:\pos423.tmp
C:\pos424.tmp
C:\pos425.tmp
C:\pos426.tmp
C:\pos427.tmp
C:\pos428.tmp
C:\pos429.tmp
C:\pos42A.tmp
C:\pos42B.tmp
C:\pos42C.tmp
C:\pos42D.tmp
C:\pos42E.tmp
C:\pos42F.tmp
C:\pos43.tmp
C:\pos430.tmp
C:\pos431.tmp
C:\pos432.tmp
C:\pos433.tmp
C:\pos434.tmp
C:\pos435.tmp
C:\pos436.tmp
C:\pos437.tmp
C:\pos438.tmp
C:\pos439.tmp
C:\pos43A.tmp
C:\pos43B.tmp
C:\pos43C.tmp
C:\pos43D.tmp
C:\pos43E.tmp
C:\pos43F.tmp
C:\pos44.tmp
C:\pos440.tmp
C:\pos441.tmp
C:\pos442.tmp
C:\pos443.tmp
C:\pos444.tmp
C:\pos445.tmp
C:\pos446.tmp
C:\pos447.tmp
C:\pos448.tmp
C:\pos449.tmp
C:\pos44A.tmp
C:\pos44B.tmp
C:\pos44C.tmp
C:\pos44D.tmp
C:\pos44E.tmp
C:\pos44F.tmp
C:\pos45.tmp
C:\pos450.tmp
C:\pos451.tmp
C:\pos452.tmp
C:\pos453.tmp
C:\pos454.tmp
C:\pos455.tmp
C:\pos456.tmp
C:\pos457.tmp
C:\pos458.tmp
C:\pos459.tmp
C:\pos45A.tmp
C:\pos45B.tmp
C:\pos45C.tmp
C:\pos45D.tmp
C:\pos45E.tmp
C:\pos45F.tmp
C:\pos46.tmp
C:\pos460.tmp
C:\pos461.tmp
C:\pos462.tmp
C:\pos463.tmp
C:\pos464.tmp
C:\pos465.tmp
C:\pos466.tmp
C:\pos467.tmp
C:\pos468.tmp
C:\pos469.tmp
C:\pos46A.tmp
C:\pos46B.tmp
C:\pos46C.tmp
C:\pos46D.tmp
C:\pos46E.tmp
C:\pos46F.tmp
C:\pos47.tmp
C:\pos470.tmp
C:\pos471.tmp
C:\pos472.tmp
C:\pos473.tmp
C:\pos474.tmp
C:\pos475.tmp
C:\pos476.tmp
C:\pos477.tmp
C:\pos478.tmp
C:\pos479.tmp
C:\pos47A.tmp
C:\pos47B.tmp
C:\pos47C.tmp
C:\pos47D.tmp
C:\pos47E.tmp
C:\pos47F.tmp
C:\pos48.tmp
C:\pos480.tmp
C:\pos481.tmp
C:\pos482.tmp
C:\pos483.tmp
C:\pos484.tmp
C:\pos485.tmp
C:\pos486.tmp
C:\pos487.tmp
C:\pos488.tmp
C:\pos489.tmp
C:\pos48A.tmp
C:\pos48B.tmp
C:\pos48C.tmp
C:\pos48D.tmp
C:\pos48E.tmp
C:\pos48F.tmp
C:\pos49.tmp
C:\pos490.tmp
C:\pos491.tmp
C:\pos492.tmp
C:\pos493.tmp
C:\pos494.tmp
C:\pos495.tmp
C:\pos496.tmp
C:\pos497.tmp
C:\pos498.tmp
C:\pos499.tmp
C:\pos49A.tmp
C:\pos49B.tmp
C:\pos49C.tmp
C:\pos49D.tmp
C:\pos49E.tmp
C:\pos49F.tmp
C:\pos4A.tmp
C:\pos4A0.tmp
C:\pos4A1.tmp
C:\pos4A2.tmp
C:\pos4A3.tmp
C:\pos4A4.tmp
C:\pos4A5.tmp
C:\pos4A6.tmp
C:\pos4A7.tmp
C:\pos4A8.tmp
C:\pos4A9.tmp
C:\pos4AA.tmp
C:\pos4AB.tmp
C:\pos4AC.tmp
C:\pos4AD.tmp
C:\pos4AE.tmp
C:\pos4AF.tmp
C:\pos4B.tmp
C:\pos4B0.tmp
C:\pos4B1.tmp
C:\pos4B2.tmp
C:\pos4B3.tmp
C:\pos4B4.tmp
C:\pos4B5.tmp
C:\pos4B6.tmp
C:\pos4B7.tmp
C:\pos4B8.tmp
C:\pos4B9.tmp
C:\pos4BA.tmp
C:\pos4BB.tmp
C:\pos4BC.tmp
C:\pos4BD.tmp
C:\pos4BE.tmp
C:\pos4BF.tmp
C:\pos4C.tmp
C:\pos4C0.tmp
C:\pos4C1.tmp
C:\pos4C2.tmp
C:\pos4C3.tmp
C:\pos4C4.tmp
C:\pos4C5.tmp
C:\pos4C6.tmp
C:\pos4C7.tmp
C:\pos4C8.tmp
C:\pos4C9.tmp
C:\pos4CA.tmp
C:\pos4CB.tmp
C:\pos4CC.tmp
C:\pos4CD.tmp
C:\pos4CE.tmp
C:\pos4CF.tmp
C:\pos4D.tmp
C:\pos4D0.tmp
C:\pos4D1.tmp
C:\pos4D2.tmp
C:\pos4D3.tmp
C:\pos4D4.tmp
C:\pos4D5.tmp
C:\pos4D6.tmp
C:\pos4D7.tmp
C:\pos4D8.tmp
C:\pos4D9.tmp
C:\pos4DA.tmp
C:\pos4DB.tmp
C:\pos4DC.tmp
C:\pos4DD.tmp
C:\pos4DE.tmp
C:\pos4DF.tmp
C:\pos4E.tmp
C:\pos4E0.tmp
C:\pos4E1.tmp
C:\pos4E2.tmp
C:\pos4E3.tmp
C:\pos4E4.tmp
C:\pos4E5.tmp
C:\pos4E6.tmp
C:\pos4E7.tmp
C:\pos4E8.tmp
C:\pos4E9.tmp
C:\pos4EA.tmp
C:\pos4EB.tmp
C:\pos4EC.tmp
C:\pos4ED.tmp
C:\pos4EE.tmp
C:\pos4EF.tmp
C:\pos4F.tmp
C:\pos4F0.tmp
C:\pos4F1.tmp
C:\pos4F2.tmp
C:\pos4F3.tmp
C:\pos4F4.tmp
C:\pos4F5.tmp
C:\pos4F6.tmp
C:\pos4F7.tmp
C:\pos4F8.tmp
C:\pos4F9.tmp
C:\pos4FA.tmp
C:\pos4FB.tmp
C:\pos4FC.tmp
C:\pos4FD.tmp
C:\pos4FE.tmp
C:\pos4FF.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos500.tmp
C:\pos501.tmp
C:\pos502.tmp
C:\pos503.tmp
C:\pos504.tmp
C:\pos505.tmp
C:\pos506.tmp
C:\pos507.tmp
C:\pos508.tmp
C:\pos509.tmp
C:\pos50A.tmp
C:\pos50B.tmp
C:\pos50C.tmp
C:\pos50D.tmp
C:\pos50E.tmp
C:\pos50F.tmp
C:\pos51.tmp
C:\pos510.tmp
C:\pos511.tmp
C:\pos512.tmp
C:\pos513.tmp
C:\pos514.tmp
C:\pos515.tmp
C:\pos516.tmp
C:\pos517.tmp
C:\pos518.tmp
C:\pos519.tmp
C:\pos51A.tmp
C:\pos51B.tmp
C:\pos51C.tmp
C:\pos51D.tmp
C:\pos51E.tmp
C:\pos51F.tmp
C:\pos52.tmp
C:\pos520.tmp
C:\pos521.tmp
C:\pos522.tmp
C:\pos523.tmp
C:\pos524.tmp
C:\pos525.tmp
C:\pos526.tmp
C:\pos527.tmp
C:\pos528.tmp
C:\pos529.tmp
C:\pos52A.tmp
C:\pos52B.tmp
C:\pos52C.tmp
C:\pos52D.tmp
C:\pos52E.tmp
C:\pos52F.tmp
C:\pos53.tmp
C:\pos530.tmp
C:\pos531.tmp
C:\pos532.tmp
C:\pos533.tmp
C:\pos534.tmp
C:\pos535.tmp
C:\pos536.tmp
C:\pos537.tmp
C:\pos538.tmp
C:\pos539.tmp
C:\pos53A.tmp
C:\pos53B.tmp
C:\pos53C.tmp
C:\pos53D.tmp
C:\pos53E.tmp
C:\pos53F.tmp
C:\pos54.tmp
C:\pos540.tmp
C:\pos541.tmp
C:\pos542.tmp
C:\pos543.tmp
C:\pos544.tmp
C:\pos545.tmp
C:\pos546.tmp
C:\pos547.tmp
C:\pos548.tmp
C:\pos549.tmp
C:\pos54A.tmp
C:\pos54B.tmp
C:\pos54C.tmp
C:\pos54D.tmp
C:\pos54E.tmp
C:\pos54F.tmp
C:\pos55.tmp
C:\pos550.tmp
C:\pos551.tmp
C:\pos552.tmp
C:\pos553.tmp
C:\pos554.tmp
C:\pos555.tmp
C:\pos556.tmp
C:\pos557.tmp
C:\pos558.tmp
C:\pos559.tmp
C:\pos55A.tmp
C:\pos55B.tmp
C:\pos55C.tmp
C:\pos55D.tmp
C:\pos55E.tmp
C:\pos55F.tmp
C:\pos56.tmp
C:\pos560.tmp
C:\pos561.tmp
C:\pos562.tmp
C:\pos563.tmp
C:\pos564.tmp
C:\pos565.tmp
C:\pos566.tmp
C:\pos567.tmp
C:\pos568.tmp
C:\pos569.tmp
C:\pos56A.tmp
C:\pos56B.tmp
C:\pos56C.tmp
C:\pos56D.tmp
C:\pos56E.tmp
C:\pos56F.tmp
C:\pos57.tmp
C:\pos570.tmp
C:\pos571.tmp
C:\pos572.tmp
C:\pos573.tmp
C:\pos574.tmp
C:\pos575.tmp
C:\pos576.tmp
C:\pos577.tmp
C:\pos578.tmp
C:\pos579.tmp
C:\pos57A.tmp
C:\pos57B.tmp
C:\pos57C.tmp
C:\pos57D.tmp
C:\pos57E.tmp
C:\pos57F.tmp
C:\pos58.tmp
C:\pos580.tmp
C:\pos581.tmp
C:\pos582.tmp
C:\pos583.tmp
C:\pos584.tmp
C:\pos585.tmp
C:\pos586.tmp
C:\pos587.tmp
C:\pos588.tmp
C:\pos589.tmp
C:\pos58A.tmp
C:\pos58B.tmp
C:\pos58C.tmp
C:\pos58D.tmp
C:\pos58E.tmp
C:\pos58F.tmp
C:\pos59.tmp
C:\pos590.tmp
C:\pos591.tmp
C:\pos592.tmp
C:\pos593.tmp
C:\pos594.tmp
C:\pos595.tmp
C:\pos596.tmp
C:\pos597.tmp
C:\pos598.tmp
C:\pos599.tmp
C:\pos59A.tmp
C:\pos59B.tmp
C:\pos59C.tmp
C:\pos59D.tmp
C:\pos59E.tmp
C:\pos59F.tmp
C:\pos5A.tmp
C:\pos5A0.tmp
C:\pos5A1.tmp
C:\pos5A2.tmp
C:\pos5A3.tmp
C:\pos5A4.tmp
C:\pos5A5.tmp
C:\pos5A6.tmp
C:\pos5A7.tmp
C:\pos5A8.tmp
C:\pos5A9.tmp
C:\pos5AA.tmp
C:\pos5AB.tmp
C:\pos5AC.tmp
C:\pos5AD.tmp
C:\pos5AE.tmp
C:\pos5AF.tmp
C:\pos5B.tmp
C:\pos5B0.tmp
C:\pos5B1.tmp
C:\pos5B2.tmp
C:\pos5B3.tmp
C:\pos5B4.tmp
C:\pos5B5.tmp
C:\pos5B6.tmp
C:\pos5B7.tmp
C:\pos5B8.tmp
C:\pos5B9.tmp
C:\pos5BA.tmp
C:\pos5BB.tmp
C:\pos5BC.tmp
C:\pos5BD.tmp
C:\pos5BE.tmp
C:\pos5BF.tmp
C:\pos5C.tmp
C:\pos5C0.tmp
C:\pos5C1.tmp
C:\pos5C2.tmp
C:\pos5C3.tmp
C:\pos5C4.tmp
C:\pos5C5.tmp
C:\pos5C6.tmp
C:\pos5C7.tmp
C:\pos5C8.tmp
C:\pos5C9.tmp
C:\pos5CA.tmp
C:\pos5CB.tmp
C:\pos5CC.tmp
C:\pos5CD.tmp
C:\pos5CE.tmp
C:\pos5CF.tmp
C:\pos5D.tmp
C:\pos5D0.tmp
C:\pos5D1.tmp
C:\pos5D2.tmp
C:\pos5D3.tmp
C:\pos5D4.tmp
C:\pos5D5.tmp
C:\pos5D6.tmp
C:\pos5D7.tmp
C:\pos5D8.tmp
C:\pos5D9.tmp
C:\pos5DA.tmp
C:\pos5DB.tmp
C:\pos5DC.tmp
C:\pos5DD.tmp
C:\pos5DE.tmp
C:\pos5DF.tmp
C:\pos5E.tmp
C:\pos5E0.tmp
C:\pos5E1.tmp
C:\pos5E2.tmp
C:\pos5E3.tmp
C:\pos5E4.tmp
C:\pos5E5.tmp
C:\pos5E6.tmp
C:\pos5E7.tmp
C:\pos5E8.tmp
C:\pos5E9.tmp
C:\pos5EA.tmp
C:\pos5EB.tmp
C:\pos5EC.tmp
C:\pos5ED.tmp
C:\pos5EE.tmp
C:\pos5EF.tmp
C:\pos5F.tmp
C:\pos5F0.tmp
C:\pos5F1.tmp
C:\pos5F2.tmp
C:\pos5F3.tmp
C:\pos5F4.tmp
C:\pos5F5.tmp
C:\pos5F6.tmp
C:\pos5F7.tmp
C:\pos5F8.tmp
C:\pos5F9.tmp
C:\pos5FA.tmp
C:\pos5FB.tmp
C:\pos5FC.tmp
C:\pos5FD.tmp
C:\pos5FE.tmp
C:\pos5FF.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos600.tmp
C:\pos601.tmp
C:\pos602.tmp
C:\pos603.tmp
C:\pos604.tmp
C:\pos605.tmp
C:\pos606.tmp
C:\pos607.tmp
C:\pos608.tmp
C:\pos609.tmp
C:\pos60A.tmp
C:\pos60B.tmp
C:\pos60C.tmp
C:\pos60D.tmp
C:\pos60E.tmp
C:\pos60F.tmp
C:\pos61.tmp
C:\pos610.tmp
C:\pos611.tmp
C:\pos612.tmp
C:\pos613.tmp
C:\pos614.tmp
C:\pos615.tmp
C:\pos616.tmp
C:\pos617.tmp
C:\pos618.tmp
C:\pos619.tmp
C:\pos61A.tmp
C:\pos61B.tmp
C:\pos61C.tmp
C:\pos61D.tmp
C:\pos61E.tmp
C:\pos61F.tmp
C:\pos62.tmp
C:\pos620.tmp
C:\pos621.tmp
C:\pos622.tmp
C:\pos623.tmp
C:\pos624.tmp
C:\pos625.tmp
C:\pos626.tmp
C:\pos627.tmp
C:\pos628.tmp
C:\pos629.tmp
C:\pos62A.tmp
C:\pos62B.tmp
C:\pos62C.tmp
C:\pos62D.tmp
C:\pos62E.tmp
C:\pos62F.tmp
C:\pos63.tmp
C:\pos630.tmp
C:\pos631.tmp
C:\pos632.tmp
C:\pos633.tmp
C:\pos634.tmp
C:\pos635.tmp
C:\pos636.tmp
C:\pos637.tmp
C:\pos638.tmp
C:\pos639.tmp
C:\pos63A.tmp
C:\pos63B.tmp
C:\pos63C.tmp
C:\pos63D.tmp
C:\pos63E.tmp
C:\pos63F.tmp
C:\pos64.tmp
C:\pos640.tmp
C:\pos641.tmp
C:\pos642.tmp
C:\pos643.tmp
C:\pos644.tmp
C:\pos645.tmp
C:\pos646.tmp
C:\pos647.tmp
C:\pos648.tmp
C:\pos649.tmp
C:\pos64A.tmp
C:\pos64B.tmp
C:\pos64C.tmp
C:\pos64D.tmp
C:\pos64E.tmp
C:\pos64F.tmp
C:\pos65.tmp
C:\pos650.tmp
C:\pos651.tmp
C:\pos652.tmp
C:\pos653.tmp
C:\pos654.tmp
C:\pos655.tmp
C:\pos656.tmp
C:\pos657.tmp
C:\pos658.tmp
C:\pos659.tmp
C:\pos65A.tmp
C:\pos65B.tmp
C:\pos65C.tmp
C:\pos65D.tmp
C:\pos65E.tmp
C:\pos65F.tmp
C:\pos66.tmp
C:\pos660.tmp
C:\pos661.tmp
C:\pos662.tmp
C:\pos663.tmp
C:\pos664.tmp
C:\pos665.tmp
C:\pos666.tmp
C:\pos667.tmp
C:\pos668.tmp
C:\pos669.tmp
C:\pos66A.tmp
C:\pos66B.tmp
C:\pos66C.tmp
C:\pos66D.tmp
C:\pos66E.tmp
C:\pos66F.tmp
C:\pos67.tmp
C:\pos670.tmp
C:\pos671.tmp
C:\pos672.tmp
C:\pos673.tmp
C:\pos674.tmp
C:\pos675.tmp
C:\pos676.tmp
C:\pos677.tmp
C:\pos678.tmp
C:\pos679.tmp
C:\pos67A.tmp
C:\pos67B.tmp
C:\pos67C.tmp
C:\pos67D.tmp
C:\pos67E.tmp
C:\pos67F.tmp
C:\pos68.tmp
C:\pos680.tmp
C:\pos681.tmp
C:\pos682.tmp
C:\pos683.tmp
C:\pos684.tmp
C:\pos685.tmp
C:\pos686.tmp
C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6A0.tmp
C:\pos6A1.tmp
C:\pos6A2.tmp
C:\pos6A3.tmp
C:\pos6A4.tmp
C:\pos6A5.tmp
C:\pos6A6.tmp
C:\pos6A7.tmp
C:\pos6A8.tmp
C:\pos6A9.tmp
C:\pos6AA.tmp
C:\pos6AB.tmp
C:\pos6AC.tmp
C:\pos6AD.tmp
C:\pos6AE.tmp
C:\pos6AF.tmp
C:\pos6B.tmp
C:\pos6B0.tmp
C:\pos6B1.tmp
C:\pos6B2.tmp
C:\pos6B3.tmp
C:\pos6B4.tmp
C:\pos6B5.tmp
C:\pos6B6.tmp
C:\pos6B7.tmp
C:\pos6B8.tmp
C:\pos6B9.tmp
C:\pos6BA.tmp
C:\pos6BB.tmp
C:\pos6BC.tmp
C:\pos6BD.tmp
C:\pos6BE.tmp
C:\pos6BF.tmp
C:\pos6C.tmp
C:\pos6C0.tmp
C:\pos6C1.tmp
C:\pos6C2.tmp
C:\pos6C3.tmp
C:\pos6C4.tmp
C:\pos6C5.tmp
C:\pos6C6.tmp
C:\pos6C7.tmp
C:\pos6C8.tmp
C:\pos6C9.tmp
C:\pos6CA.tmp
C:\pos6CB.tmp
C:\pos6CC.tmp
C:\pos6CD.tmp
C:\pos6CE.tmp
C:\pos6CF.tmp
C:\pos6D.tmp
C:\pos6D0.tmp
C:\pos6D1.tmp
C:\pos6D2.tmp
C:\pos6D3.tmp
C:\pos6D4.tmp
C:\pos6D5.tmp
C:\pos6D6.tmp
C:\pos6D7.tmp
C:\pos6D8.tmp
C:\pos6D9.tmp
C:\pos6DA.tmp
C:\pos6DB.tmp
C:\pos6DC.tmp
C:\pos6DD.tmp
C:\pos6DE.tmp
C:\pos6DF.tmp
C:\pos6E.tmp
C:\pos6E0.tmp
C:\pos6E1.tmp
C:\pos6E2.tmp
C:\pos6E3.tmp
C:\pos6E4.tmp
C:\pos6E5.tmp
C:\pos6E6.tmp
C:\pos6E7.tmp
C:\pos6E8.tmp
C:\pos6E9.tmp
C:\pos6EA.tmp
C:\pos6EB.tmp
C:\pos6EC.tmp
C:\pos6ED.tmp
C:\pos6EE.tmp
C:\pos6EF.tmp
C:\pos6F.tmp
C:\pos6F0.tmp
C:\pos6F1.tmp
C:\pos6F2.tmp
C:\pos6F3.tmp
C:\pos6F4.tmp
C:\pos6F5.tmp
C:\pos6F6.tmp
C:\pos6F7.tmp
C:\pos6F8.tmp
C:\pos6F9.tmp
C:\pos6FA.tmp
C:\pos6FB.tmp
C:\pos6FC.tmp
C:\pos6FD.tmp
C:\pos6FE.tmp
C:\pos6FF.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7A0.tmp
C:\pos7A1.tmp
C:\pos7A2.tmp
C:\pos7A3.tmp
C:\pos7A4.tmp
C:\pos7A5.tmp
C:\pos7A6.tmp
C:\pos7A7.tmp
C:\pos7A8.tmp
C:\pos7A9.tmp
C:\pos7AA.tmp
C:\pos7AB.tmp
C:\pos7AC.tmp
C:\pos7AD.tmp
C:\pos7AE.tmp
C:\pos7AF.tmp
C:\pos7B.tmp
C:\pos7B0.tmp
C:\pos7B1.tmp
C:\pos7B2.tmp
C:\pos7B3.tmp
C:\pos7B4.tmp
C:\pos7B5.tmp
C:\pos7B6.tmp
C:\pos7B7.tmp
C:\pos7B8.tmp
C:\pos7B9.tmp
C:\pos7BA.tmp
C:\pos7BB.tmp
C:\pos7BC.tmp
C:\pos7BD.tmp
C:\pos7BE.tmp
C:\pos7BF.tmp
C:\pos7C.tmp
C:\pos7C0.tmp
C:\pos7C1.tmp
C:\pos7C2.tmp
C:\pos7C3.tmp
C:\pos7C4.tmp
C:\pos7C5.tmp
C:\pos7C6.tmp
C:\pos7C7.tmp
C:\pos7C8.tmp
C:\pos7C9.tmp
C:\pos7CA.tmp
C:\pos7CB.tmp
C:\pos7CC.tmp
C:\pos7CD.tmp
C:\pos7CE.tmp
C:\pos7CF.tmp
C:\pos7D.tmp
C:\pos7D0.tmp
C:\pos7D1.tmp
C:\pos7D2.tmp
C:\pos7D3.tmp
C:\pos7D4.tmp
C:\pos7D5.tmp
C:\pos7D6.tmp
C:\pos7D7.tmp
C:\pos7D8.tmp
C:\pos7D9.tmp
C:\pos7DA.tmp
C:\pos7DB.tmp
C:\pos7DC.tmp
C:\pos7DD.tmp
C:\pos7DE.tmp
C:\pos7DF.tmp
C:\pos7E.tmp
C:\pos7E0.tmp
C:\pos7E1.tmp
C:\pos7E2.tmp
C:\pos7E3.tmp
C:\pos7E4.tmp
C:\pos7E5.tmp
C:\pos7E6.tmp
C:\pos7E7.tmp
C:\pos7E8.tmp
C:\pos7E9.tmp
C:\pos7EA.tmp
C:\pos7EB.tmp
C:\pos7EC.tmp
C:\pos7ED.tmp
C:\pos7EE.tmp
C:\pos7EF.tmp
C:\pos7F.tmp
C:\pos7F0.tmp
C:\pos7F1.tmp
C:\pos7F2.tmp
C:\pos7F3.tmp
C:\pos7F4.tmp
C:\pos7F5.tmp
C:\pos7F6.tmp
C:\pos7F7.tmp
C:\pos7F8.tmp
C:\pos7F9.tmp
C:\pos7FA.tmp
C:\pos7FB.tmp
C:\pos7FC.tmp
C:\pos7FD.tmp
C:\pos7FE.tmp
C:\pos7FF.tmp
C:\pos8.tmp
C:\pos80.tmp

C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos839.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos94.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos95.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos96.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos97.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos98.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos99.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos99D.tmp
C:\pos99E.tmp
C:\pos99F.tmp
C:\pos9A.tmp
C:\pos9A0.tmp
C:\pos9A1.tmp
C:\pos9A2.tmp
C:\pos9A3.tmp
C:\pos9A4.tmp
C:\pos9A5.tmp
C:\pos9A6.tmp
C:\pos9A7.tmp
C:\pos9A8.tmp
C:\pos9A9.tmp
C:\pos9AA.tmp
C:\pos9AB.tmp
C:\pos9AC.tmp
C:\pos9AD.tmp
C:\pos9AE.tmp
C:\pos9AF.tmp
C:\pos9B.tmp
C:\pos9B0.tmp
C:\pos9B1.tmp
C:\pos9B2.tmp
C:\pos9B3.tmp
C:\pos9B4.tmp
C:\pos9B5.tmp
C:\pos9B6.tmp
C:\pos9B7.tmp
C:\pos9B8.tmp
C:\pos9B9.tmp
C:\pos9BA.tmp
C:\pos9BB.tmp
C:\pos9BC.tmp
C:\pos9BD.tmp
C:\pos9BE.tmp
C:\pos9BF.tmp
C:\pos9C.tmp
C:\pos9C0.tmp
C:\pos9C1.tmp
C:\pos9C2.tmp
C:\pos9C3.tmp
C:\pos9C4.tmp
C:\pos9C5.tmp
C:\pos9C6.tmp
C:\pos9C7.tmp
C:\pos9C8.tmp
C:\pos9C9.tmp
C:\pos9CA.tmp
C:\pos9CB.tmp
C:\pos9CC.tmp
C:\pos9CD.tmp
C:\pos9CE.tmp
C:\pos9CF.tmp
C:\pos9D.tmp
C:\pos9D0.tmp
C:\pos9D1.tmp
C:\pos9D2.tmp
C:\pos9D3.tmp
C:\pos9D4.tmp
C:\pos9D5.tmp
C:\pos9D6.tmp
C:\pos9D7.tmp
C:\pos9D8.tmp
C:\pos9D9.tmp
C:\pos9DA.tmp
C:\pos9DB.tmp
C:\pos9DC.tmp
C:\pos9DD.tmp
C:\pos9DE.tmp
C:\pos9DF.tmp
C:\pos9E.tmp
C:\pos9E0.tmp
C:\pos9E1.tmp
C:\pos9E2.tmp
C:\pos9E3.tmp
C:\pos9E4.tmp
C:\pos9E5.tmp
C:\pos9E6.tmp
C:\pos9E7.tmp
C:\pos9E8.tmp
C:\pos9E9.tmp
C:\pos9EA.tmp
C:\pos9EB.tmp
C:\pos9EC.tmp
C:\pos9ED.tmp
C:\pos9EE.tmp
C:\pos9EF.tmp
C:\pos9F.tmp
C:\pos9F0.tmp
C:\pos9F1.tmp
C:\pos9F2.tmp
C:\pos9F3.tmp
C:\pos9F4.tmp
C:\pos9F5.tmp
C:\pos9F6.tmp
C:\pos9F7.tmp
C:\pos9F8.tmp
C:\pos9F9.tmp
C:\pos9FA.tmp
C:\pos9FB.tmp
C:\pos9FC.tmp
C:\pos9FD.tmp
C:\pos9FE.tmp
C:\pos9FF.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA00.tmp
C:\posA01.tmp
C:\posA02.tmp
C:\posA03.tmp
C:\posA04.tmp
C:\posA05.tmp
C:\posA06.tmp
C:\posA07.tmp
C:\posA08.tmp
C:\posA09.tmp
C:\posA0A.tmp
C:\posA0B.tmp
C:\posA0C.tmp
C:\posA0D.tmp
C:\posA0E.tmp
C:\posA0F.tmp
C:\posA1.tmp
C:\posA10.tmp
C:\posA11.tmp
C:\posA12.tmp
C:\posA13.tmp
C:\posA14.tmp
C:\posA15.tmp
C:\posA16.tmp
C:\posA17.tmp
C:\posA18.tmp
C:\posA19.tmp
C:\posA1A.tmp
C:\posA1B.tmp
C:\posA1C.tmp
C:\posA1D.tmp
C:\posA1E.tmp
C:\posA1F.tmp
C:\posA2.tmp
C:\posA20.tmp
C:\posA21.tmp
C:\posA22.tmp
C:\posA23.tmp
C:\posA24.tmp
C:\posA25.tmp
C:\posA26.tmp
C:\posA27.tmp
C:\posA28.tmp
C:\posA29.tmp
C:\posA2A.tmp
C:\posA2B.tmp
C:\posA2C.tmp
C:\posA2D.tmp
C:\posA2E.tmp
C:\posA2F.tmp
C:\posA3.tmp
C:\posA30.tmp
C:\posA31.tmp
C:\posA32.tmp
C:\posA33.tmp
C:\posA34.tmp
C:\posA35.tmp
C:\posA36.tmp
C:\posA37.tmp
C:\posA38.tmp
C:\posA39.tmp
C:\posA3A.tmp
C:\posA3B.tmp
C:\posA3C.tmp
C:\posA3D.tmp
C:\posA3E.tmp
C:\posA3F.tmp
C:\posA4.tmp
C:\posA40.tmp
C:\posA41.tmp
C:\posA42.tmp
C:\posA43.tmp
C:\posA44.tmp
C:\posA45.tmp
C:\posA46.tmp
C:\posA47.tmp
C:\posA48.tmp
C:\posA49.tmp
C:\posA4A.tmp
C:\posA4B.tmp
C:\posA4C.tmp
C:\posA4D.tmp
C:\posA4E.tmp
C:\posA4F.tmp
C:\posA5.tmp
C:\posA50.tmp
C:\posA51.tmp
C:\posA52.tmp
C:\posA53.tmp
C:\posA54.tmp
C:\posA55.tmp
C:\posA56.tmp
C:\posA57.tmp
C:\posA58.tmp
C:\posA59.tmp
C:\posA5A.tmp
C:\posA5B.tmp
C:\posA5C.tmp
C:\posA5D.tmp
C:\posA5E.tmp
C:\posA5F.tmp
C:\posA6.tmp
C:\posA60.tmp
C:\posA61.tmp
C:\posA62.tmp
C:\posA63.tmp
C:\posA64.tmp
C:\posA65.tmp
C:\posA66.tmp
C:\posA67.tmp
C:\posA68.tmp
C:\posA69.tmp
C:\posA6A.tmp
C:\posA6B.tmp
C:\posA6C.tmp
C:\posA6D.tmp
C:\posA6E.tmp
C:\posA6F.tmp
C:\posA7.tmp
C:\posA70.tmp
C:\posA71.tmp
C:\posA72.tmp
C:\posA73.tmp
C:\posA74.tmp
C:\posA75.tmp
C:\posA76.tmp
C:\posA77.tmp
C:\posA78.tmp
C:\posA79.tmp
C:\posA7A.tmp
C:\posA7B.tmp
C:\posA7C.tmp
C:\posA7D.tmp
C:\posA7E.tmp
C:\posA7F.tmp
C:\posA8.tmp
C:\posA80.tmp
C:\posA81.tmp
C:\posA82.tmp
C:\posA83.tmp
C:\posA84.tmp
C:\posA85.tmp
C:\posA86.tmp
C:\posA87.tmp
C:\posA88.tmp
C:\posA89.tmp
C:\posA8A.tmp
C:\posA8B.tmp
C:\posA8C.tmp
C:\posA8D.tmp
C:\posA8E.tmp
C:\posA8F.tmp
C:\posA9.tmp
C:\posA90.tmp
C:\posA91.tmp
C:\posA92.tmp
C:\posA93.tmp
C:\posA94.tmp
C:\posA95.tmp
C:\posA96.tmp
C:\posA97.tmp
C:\posA98.tmp
C:\posA99.tmp
C:\posA9A.tmp
C:\posA9B.tmp
C:\posA9C.tmp
C:\posA9D.tmp
C:\posA9E.tmp
C:\posA9F.tmp
C:\posAA.tmp
C:\posAA0.tmp
C:\posAA1.tmp
C:\posAA2.tmp
C:\posAA3.tmp
C:\posAA4.tmp
C:\posAA5.tmp
C:\posAA6.tmp
C:\posAA7.tmp
C:\posAA8.tmp
C:\posAA9.tmp
C:\posAAA.tmp
C:\posAAB.tmp
C:\posAAC.tmp
C:\posAAD.tmp
C:\posAAE.tmp
C:\posAAF.tmp
C:\posAB.tmp
C:\posAB0.tmp
C:\posAB1.tmp
C:\posAB2.tmp
C:\posAB3.tmp
C:\posAB4.tmp
C:\posAB5.tmp
C:\posAB6.tmp
C:\posAB7.tmp
C:\posAB8.tmp
C:\posAB9.tmp
C:\posABA.tmp
C:\posABB.tmp
C:\posABC.tmp
C:\posABD.tmp
C:\posABE.tmp
C:\posABF.tmp
C:\posAC.tmp
C:\posAC0.tmp
C:\posAC1.tmp
C:\posAC2.tmp
C:\posAC3.tmp
C:\posAC4.tmp
C:\posAC5.tmp
C:\posAC6.tmp
C:\posAC7.tmp
C:\posAC8.tmp
C:\posAC9.tmp
C:\posACA.tmp
C:\posACB.tmp
C:\posACC.tmp
C:\posACD.tmp
C:\posACE.tmp
C:\posACF.tmp
C:\posAD.tmp
C:\posAD0.tmp
C:\posAD1.tmp
C:\posAD2.tmp
C:\posAD3.tmp
C:\posAD4.tmp
C:\posAD5.tmp
C:\posAD6.tmp
C:\posAD7.tmp
C:\posAD8.tmp
C:\posAD9.tmp
C:\posADA.tmp
C:\posADB.tmp
C:\posADC.tmp
C:\posADD.tmp
C:\posADE.tmp
C:\posADF.tmp
C:\posAE.tmp
C:\posAE0.tmp
C:\posAE1.tmp
C:\posAE2.tmp
C:\posAE3.tmp
C:\posAE4.tmp
C:\posAE5.tmp
C:\posAE6.tmp
C:\posAE7.tmp
C:\posAE8.tmp
C:\posAE9.tmp
C:\posAEA.tmp
C:\posAEB.tmp
C:\posAEC.tmp
C:\posAED.tmp
C:\posAEE.tmp
C:\posAEF.tmp
C:\posAF.tmp
C:\posAF0.tmp
C:\posAF1.tmp
C:\posAF2.tmp
C:\posAF3.tmp
C:\posAF4.tmp
C:\posAF5.tmp
C:\posAF6.tmp
C:\posAF7.tmp
C:\posAF8.tmp
C:\posAF9.tmp
C:\posAFA.tmp
C:\posAFB.tmp
C:\posAFC.tmp
C:\posAFD.tmp
C:\posAFE.tmp
C:\posAFF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB00.tmp
C:\posB01.tmp
C:\posB02.tmp
C:\posB03.tmp
C:\posB04.tmp
C:\posB05.tmp
C:\posB06.tmp
C:\posB07.tmp
C:\posB08.tmp
C:\posB09.tmp
C:\posB0A.tmp
C:\posB0B.tmp
C:\posB0C.tmp
C:\posB0D.tmp
C:\posB0E.tmp
C:\posB0F.tmp
C:\posB1.tmp
C:\posB10.tmp
C:\posB11.tmp
C:\posB12.tmp
C:\posB13.tmp
C:\posB14.tmp
C:\posB15.tmp
C:\posB16.tmp
C:\posB17.tmp
C:\posB18.tmp
C:\posB19.tmp
C:\posB1A.tmp
C:\posB1B.tmp
C:\posB1C.tmp
C:\posB1D.tmp
C:\posB1E.tmp
C:\posB1F.tmp
C:\posB2.tmp
C:\posB20.tmp
C:\posB21.tmp
C:\posB22.tmp
C:\posB23.tmp
C:\posB24.tmp
C:\posB25.tmp
C:\posB26.tmp
C:\posB27.tmp
C:\posB28.tmp
C:\posB29.tmp
C:\posB2A.tmp
C:\posB2B.tmp
C:\posB2C.tmp
C:\posB2D.tmp
C:\posB2E.tmp
C:\posB2F.tmp
C:\posB3.tmp
C:\posB30.tmp
C:\posB31.tmp
C:\posB32.tmp
C:\posB33.tmp
C:\posB34.tmp
C:\posB35.tmp
C:\posB36.tmp
C:\posB37.tmp
C:\posB38.tmp
C:\posB39.tmp
C:\posB3A.tmp
C:\posB3B.tmp
C:\posB3C.tmp
C:\posB3D.tmp
C:\posB3E.tmp
C:\posB3F.tmp
C:\posB4.tmp
C:\posB40.tmp
C:\posB41.tmp
C:\posB42.tmp
C:\posB43.tmp
C:\posB44.tmp
C:\posB45.tmp
C:\posB46.tmp
C:\posB47.tmp
C:\posB48.tmp
C:\posB49.tmp
C:\posB4A.tmp
C:\posB4B.tmp
C:\posB4C.tmp
C:\posB4D.tmp
C:\posB4E.tmp
C:\posB4F.tmp
C:\posB5.tmp
C:\posB50.tmp
C:\posB51.tmp
C:\posB52.tmp
C:\posB53.tmp
C:\posB54.tmp
C:\posB55.tmp
C:\posB56.tmp
C:\posB57.tmp
C:\posB58.tmp
C:\posB59.tmp
C:\posB5A.tmp
C:\posB5B.tmp
C:\posB5D.tmp
C:\posB5E.tmp
C:\posB5F.tmp
C:\posB6.tmp
C:\posB60.tmp
C:\posB61.tmp
C:\posB62.tmp
C:\posB63.tmp
C:\posB64.tmp
C:\posB65.tmp
C:\posB66.tmp
C:\posB67.tmp
C:\posB68.tmp
C:\posB69.tmp
C:\posB6B.tmp
C:\posB6C.tmp
C:\posB6D.tmp
C:\posB6E.tmp
C:\posB7.tmp
C:\posB70.tmp
C:\posB71.tmp
C:\posB72.tmp
C:\posB73.tmp
C:\posB74.tmp
C:\posB75.tmp
C:\posB76.tmp
C:\posB77.tmp
C:\posB78.tmp
C:\posB79.tmp
C:\posB7A.tmp
C:\posB7B.tmp
C:\posB7C.tmp
C:\posB8.tmp
C:\posB80.tmp
C:\posB81.tmp
C:\posB82.tmp
C:\posB83.tmp
C:\posB84.tmp
C:\posB85.tmp
C:\posB86.tmp
C:\posB87.tmp
C:\posB88.tmp
C:\posB89.tmp
C:\posB8A.tmp
C:\posB8B.tmp
C:\posB8D.tmp
C:\posB8E.tmp
C:\posB8F.tmp
C:\posB9.tmp
C:\posB90.tmp
C:\posB91.tmp
C:\posB92.tmp
C:\posB93.tmp
C:\posB94.tmp
C:\posB95.tmp
C:\posB96.tmp
C:\posB97.tmp
C:\posB98.tmp
C:\posB99.tmp
C:\posB9A.tmp
C:\posB9B.tmp
C:\posB9C.tmp
C:\posB9D.tmp
C:\posB9E.tmp
C:\posB9F.tmp
C:\posBA.tmp
C:\posBA0.tmp
C:\posBA1.tmp
C:\posBA2.tmp
C:\posBA3.tmp
C:\posBA4.tmp
C:\posBA5.tmp
C:\posBA6.tmp
C:\posBA7.tmp
C:\posBA8.tmp
C:\posBA9.tmp
C:\posBAA.tmp
C:\posBAB.tmp
C:\posBAC.tmp
C:\posBAD.tmp
C:\posBAE.tmp
C:\posBAF.tmp
C:\posBB.tmp
C:\posBB0.tmp
C:\posBB1.tmp
C:\posBB2.tmp
C:\posBB3.tmp
C:\posBB4.tmp
C:\posBB5.tmp
C:\posBB6.tmp
C:\posBB7.tmp
C:\posBB8.tmp
C:\posBB9.tmp
C:\posBBA.tmp
C:\posBBB.tmp
C:\posBBC.tmp
C:\posBBD.tmp
C:\posBBE.tmp
C:\posBBF.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Spruce
C:\Program Files\Spruce\Spruce.dll
C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
C:\Program Files\Spruce\Spruce.original
C:\Program Files\Spruce\SpruceRg.dll
C:\Program Files\Spruce\un_SpruceSetup_17737.exe
C:\Program Files\Spruce\un_SpruceSetup_17737.txt
C:\WINDOWS\764.exe
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asembl~1\a?sembly\
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak2
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drygvwoc.ini
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\gyidaxgj.ini
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\wapisvcc32.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 12:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 11:50 . 2008-01-10 11:50 <DIR> d-------- C:\VundoFix Backups
2008-01-10 11:32 . 2008-01-10 11:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-08 16:46 . 2008-01-08 16:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 12:40 . 2008-01-08 12:55 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 12:40 . 2008-01-08 12:55 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-08 12:39 . 2008-01-08 12:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-08 12:39 . 2008-01-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-08 12:39 . 2008-01-10 13:15 2,702,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-08 12:39 . 2008-01-10 13:12 36,548 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-08 12:39 . 2008-01-10 13:14 27,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-08 12:39 . 2008-01-10 13:12 3,524 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-08 12:33 . 2008-01-08 12:33 <DIR> d-------- C:\KAV
2008-01-08 12:31 . 2008-01-08 12:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 23:42 . 2008-01-04 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 22:12 . 2008-01-02 22:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-02 22:12 . 2008-01-02 22:12 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\Lavasoft
2008-01-02 22:11 . 2008-01-02 22:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 21:12 . 2008-01-02 21:12 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-02 18:29 . 2008-01-08 12:35 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\AVG7
2008-01-02 18:28 . 2008-01-02 18:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-02 18:28 . 2008-01-08 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-02 18:17 . 2008-01-02 18:17 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHANIE\Application Data\U3
2008-01-02 17:38 . 2008-01-02 17:38 7,476 --a------ C:\WINDOWS\system\drew.exe
2008-01-02 17:38 . 2008-01-02 17:38 2,920 --a------ C:\WINDOWS\system\igo.exe
2007-12-20 08:25 . 2007-12-20 08:26 109 --ahs---- C:\WINDOWS\system32\201809583.dat
2007-12-19 17:57 . 2006-04-15 07:06 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHANIE\Application Data\Corel
2007-12-19 17:16 . 2007-12-20 08:26 2,920 --a------ C:\win.exe
2007-12-19 17:14 . 2008-01-02 18:23 4,616 --a------ C:\lir.exe
2007-12-18 17:43 . 2007-12-18 17:43 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-18 16:27 . 2008-01-02 17:38 7,328 --a------ C:\WINDOWS\system\head.exe
2007-12-15 17:50 . 2007-12-15 17:50 1,077,336 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-15 16:57 . 2007-12-15 16:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-15 16:50 . 2008-01-10 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-15 16:49 . 2007-12-15 16:49 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-15 16:46 . 2008-01-02 21:58 <DIR> d--hs---- C:\WINDOWS\U3RlcGhhbmllIFRob21hcw
2007-12-15 16:46 . 2008-01-02 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-15 16:46 . 2008-01-10 11:46 <DIR> d-------- C:\Temp
2007-12-15 11:00 . 2007-12-15 11:00 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\Yahoo!
2007-12-15 10:57 . 2007-12-18 16:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-15 10:57 . 2007-12-18 16:25 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 05:40 --------- d-----w C:\Documents and Settings\Stephanie Thomas\Application Data\U3
2007-12-15 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 21:36 --------- d-----w C:\Program Files\Compton's Learning
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-16 20:47 868 ----a-w C:\Program Files\VisualBoyAdvance.lnk
2007-04-25 23:23 88 --sh--r C:\WINDOWS\system32\BD75514796.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD}]
C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93E819DE-EAA4-47E7-B780-B730C3A72382}]
C:\Program Files\Windows NT\nipyradi4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C65FACD8-6526-4782-AEC1-C32E0468A3A0}]
C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2}]
C:\Program Files\Windows NT\nipyradi83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8}]
C:\WINDOWS\system32\rpscguqg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 10:41 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 03:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 14:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 22:19 393216 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 09:44 839680]
"ShowLOMControl"="1 (0x1)" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-15 06:58 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 13:46 8192]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 13:46 110592]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-15 07:09 169472]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"DioCleaner"="C:\Program Files\DioCleaner\DioCleaner.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 10:41 68856]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-04-15 06:58:08]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-15 06:54:50]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-10-10 17:55 6065664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxxvv]
cbxxxvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtsq]
tuvvtsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvu]
xxyawvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 NetDDEFastUserSwitchingCompatibility;Network DDE NetDDEFastUserSwitchingCompatibility;C:\WINDOWS\system32\0.6043512f.exe srv []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-01-10 19:16:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 13:15:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 13:20:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 19:20:23
.
2008-01-09 09:03:25 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:03 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\cindy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir.asp?affid=105-79&installtype=force&dtag=42c7t91&langid=1&systempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {93E819DE-EAA4-47E7-B780-B730C3A72382} - C:\Program Files\Windows NT\nipyradi4444.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C65FACD8-6526-4782-AEC1-C32E0468A3A0} - C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
O2 - BHO: (no name) - {C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2} - C:\Program Files\Windows NT\nipyradi83122.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: {8f2b0dc8-83b6-376b-dcf4-b5e5e5a6964e} - {e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8} - C:\WINDOWS\system32\rpscguqg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DioCleaner] C:\Program Files\DioCleaner\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbxxxvv - cbxxxvv.dll (file missing)
O20 - Winlogon Notify: tuvvtsq - tuvvtsq.dll (file missing)
O20 - Winlogon Notify: xxyawvu - xxyawvu.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10052 bytes

Hello,

Your doing real well following the instructions, :bigthumb:a bit more to do. You were infected with the SDBot worm, the Vundo Trojan and some Rogue programs along with some other garbage that I have never heard of.



Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::



File::
C:\lir.exe
C:\win.exe
C:\WINDOWS\system32\xxyawvu.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\jkjudhmm.dll

Folder::
C:\Program Files\Spruce
C:\Program Files\DioCleaner

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48269FC6-954D-4B49-B668-E04EF846E4A4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C10DAA9A-17DD-4642-A390-23C0C022A9D2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4AB87D8-F743-4920-9394-D365FC8A20FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA9EF3E8-FDDC-48D2-B8EC-58B8B8743F9B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d57b075e-7495-4e1c-89ef-dfb0a79aed93}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxxvv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtsq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvu]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix 08-01-10.2 - Fred Thomas 2008-01-11 9:09:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.185 [GMT -6:00]
Running from: C:\Documents and Settings\Fred Thomas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred Thomas\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\lir.exe
C:\win.exe
C:\WINDOWS\system32\jkjudhmm.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\xxyawvu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lir.exe
C:\win.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-10 12:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 11:50 . 2008-01-10 11:50 <DIR> d-------- C:\VundoFix Backups
2008-01-10 11:32 . 2008-01-10 11:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-08 16:46 . 2008-01-08 16:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 12:40 . 2008-01-08 12:55 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 12:40 . 2008-01-08 12:55 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-08 12:39 . 2008-01-08 12:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-08 12:39 . 2008-01-11 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-08 12:39 . 2008-01-11 09:34 3,021,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-08 12:39 . 2008-01-10 14:24 40,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-08 12:39 . 2008-01-11 09:34 31,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-08 12:39 . 2008-01-10 14:24 3,788 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-08 12:33 . 2008-01-08 12:33 <DIR> d-------- C:\KAV
2008-01-08 12:31 . 2008-01-08 12:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 23:42 . 2008-01-04 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 22:12 . 2008-01-02 22:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-02 22:12 . 2008-01-02 22:12 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\Lavasoft
2008-01-02 22:11 . 2008-01-02 22:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 21:12 . 2008-01-02 21:12 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-02 18:29 . 2008-01-08 12:35 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\AVG7
2008-01-02 18:28 . 2008-01-02 18:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-02 18:28 . 2008-01-08 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-02 18:17 . 2008-01-02 18:17 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHANIE\Application Data\U3
2008-01-02 17:38 . 2008-01-02 17:38 7,476 --a------ C:\WINDOWS\system\drew.exe
2008-01-02 17:38 . 2008-01-02 17:38 2,920 --a------ C:\WINDOWS\system\igo.exe
2007-12-20 08:25 . 2007-12-20 08:26 109 --ahs---- C:\WINDOWS\system32\201809583.dat
2007-12-19 17:57 . 2006-04-15 07:06 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHANIE\Application Data\Corel
2007-12-18 17:43 . 2007-12-18 17:43 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-18 16:27 . 2008-01-02 17:38 7,328 --a------ C:\WINDOWS\system\head.exe
2007-12-15 17:50 . 2007-12-15 17:50 1,077,336 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-15 16:57 . 2007-12-15 16:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-15 16:50 . 2008-01-10 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-15 16:49 . 2007-12-15 16:49 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-15 16:46 . 2008-01-02 21:58 <DIR> d--hs---- C:\WINDOWS\U3RlcGhhbmllIFRob21hcw
2007-12-15 16:46 . 2008-01-02 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-15 16:46 . 2008-01-10 11:46 <DIR> d-------- C:\Temp
2007-12-15 11:00 . 2007-12-15 11:00 <DIR> d-------- C:\Documents and Settings\Stephanie Thomas\Application Data\Yahoo!
2007-12-15 10:57 . 2007-12-18 16:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-15 10:57 . 2007-12-18 16:25 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 05:40 --------- d-----w C:\Documents and Settings\Stephanie Thomas\Application Data\U3
2008-01-02 23:39 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-02 23:39 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-15 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 14:59 8,456 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-15 21:36 --------- d-----w C:\Program Files\Compton's Learning
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-06-16 20:47 868 ----a-w C:\Program Files\VisualBoyAdvance.lnk
2007-04-25 23:23 88 --sh--r C:\WINDOWS\system32\BD75514796.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-10_13.19.25.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 18:26:11 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 15:08:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 18:26:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 15:08:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 18:26:11 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 15:08:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 18:26:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 15:08:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 18:26:11 3,264,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 15:08:00 3,264,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 18:26:11 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 15:08:00 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-10 17:43:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-11 14:54:31 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-10 17:43:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-11 14:54:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-10 17:43:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-11 14:54:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD}]
C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93E819DE-EAA4-47E7-B780-B730C3A72382}]
C:\Program Files\Windows NT\nipyradi4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C65FACD8-6526-4782-AEC1-C32E0468A3A0}]
C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2}]
C:\Program Files\Windows NT\nipyradi83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8}]
C:\WINDOWS\system32\rpscguqg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 10:41 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 03:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 14:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 22:19 393216 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 09:44 839680]
"ShowLOMControl"="1 (0x1)" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-15 06:58 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 13:46 8192]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 13:46 110592]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-15 07:09 169472]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"DioCleaner"="C:\Program Files\DioCleaner\DioCleaner.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 10:41 68856]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-04-15 06:58:08]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-15 06:54:50]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-10-10 17:55 6065664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 NetDDEFastUserSwitchingCompatibility;Network DDE NetDDEFastUserSwitchingCompatibility;C:\WINDOWS\system32\0.6043512f.exe srv []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-11 14:57:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 09:34:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 9:36:24
ComboFix-quarantined-files.txt 2008-01-11 15:36:17
ComboFix2.txt 2008-01-10 19:20:36
.
2008-01-09 09:03:25 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:05 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\cindy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir.asp?affid=105-79&installtype=force&dtag=42c7t91&langid=1&systempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {93E819DE-EAA4-47E7-B780-B730C3A72382} - C:\Program Files\Windows NT\nipyradi4444.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C65FACD8-6526-4782-AEC1-C32E0468A3A0} - C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
O2 - BHO: (no name) - {C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2} - C:\Program Files\Windows NT\nipyradi83122.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: {8f2b0dc8-83b6-376b-dcf4-b5e5e5a6964e} - {e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8} - C:\WINDOWS\system32\rpscguqg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DioCleaner] C:\Program Files\DioCleaner\DioCleaner.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9820 bytes

Hello Cindy,

It looks like a few were not removed so lets do it this way.

First off is this something you know about and use, the only thing I get from a Google search is back to your post.

O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)


C:\Program Files\DioCleaner <-- This a Rogue program and not recommended. Lets try and uninstall it via the Add Remove Programs in the Control Panel. Let me know if it would not uninstall



Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {259F4E40-BF09-49F4-8EFC-BFFBAD8E34AD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {C65FACD8-6526-4782-AEC1-C32E0468A3A0} - C:\Program Files\Windows NT\nipyradiC:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
O2 - BHO: (no name) - {93E819DE-EAA4-47E7-B780-B730C3A72382} - C:\Program Files\Windows NT\nipyradi4444.dll (file missing)
O2 - BHO: (no name) - {C6CC3FD9-101D-469D-8D91-49FDFCA4ADC2} - C:\Program Files\Windows NT\nipyradi83122.dll (file missing)
O2 - BHO: {8f2b0dc8-83b6-376b-dcf4-b5e5e5a6964e} - {e4696a5e-5e5b-4fcd-b673-6b388cd0b2f8} - C:\WINDOWS\system32\rpscguqg.dll (file missing)

O4 - HKLM\..\Run: [DioCleaner] C:\Program Files\DioCleaner\DioCleaner.exe


C:\Program Files\DioCleaner <-- Delete this folder


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up


Post a new HJT log and let me know how your doing??

Thank you for your help thus far, I feel we are getting close to cleaning up this mess.

I have no idea what the following is, I have never heard of this before

O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)

I could not find DioClean in the Add/Remove nor in C:Program Files. But I did check it in HJT the log is below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:12 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\HijackThis\cindy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir.asp?affid=105-79&installtype=force&dtag=42c7t91&langid=1&systempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8816 bytes

Your HJT log looks fine :bigthumb:

This may be it, do you have mulitple users on this computer, someone may have set this.
http://www.microsoft.com/windowsxp/using/accessibility/fastuserswitching.mspx


C:\Program Files\DioCleaner <--Was this folder present??



Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems (http://www.java.com/en/download/manual.jsp) and install the update
Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to to do the offline installation and save the setup file in case I may need it in the future

I do have multiple users and I went in and cleared the box next to Fast User Switch.

C:\Program Files\DioCleaner .... this was NOT present

I have removed old Java and installed Java version 6 update 3 then restarted and went back to Sun Java and verified that I have the latest version installed.

What do I do with SDFix, ComboFix and VundoFix softwares on my desktop? I would hate for someone in the house to open these and create problems.

Post one last HJT log and lets make sure nothing has come back and then I will show you how to remove all the tools we used plus link you to some tips and free programs to install to help keep you more secure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:31 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\cindy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir.asp?affid=105-79&installtype=force&dtag=42c7t91&langid=1&systempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network DDE NetDDEFastUserSwitchingCompatibility (NetDDEFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\0.6043512f.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9093 bytes

Ok, log looks good :bigthumb:

This is still bothering me somewhat, it appears to be safe but I have never seen it in a HJT log before and have been doing this for about 5 years. Its possible that one of your programs requires it, what I would do is post in one of the forums that I am listing and ask about it, and if it is a problem if they cant take care of it you can post back here, I will leave this thread open for you.

Tell them you have this service running and you want to know what it is.
Service: Network DDE NetDDEFastUserSwitchingCompatibility


Windows Tech Support Forums

Windows Helpnet (http://www.windowsbbs.com/) <-- Excellent XP Forum
PcPitStop (http://pcpitstop.com/) <-- You can take your system in for a checkup here.



Time for some housekeeping

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.




You can drag SDfix to the trash.

ATF cleaner is yours to keep



One of the programs I would like you to install is Spybot Search and Destroy, its our own tool from Safer Networking, download and install it, check for updates, use the Immunize feature to block 1000s of bad sites from accessing your computer. Read the tutorial .




Malware Complaints (http://malwarecomplaints.info/index.php)
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0.0.6 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp) Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.


Glad we could help

Safe Surfn
Ken

I have not had any replies about the Service: Network DDE NetDDEFastUserSwitchingCompatibility so I have done some research on my own and I have found the following sites talking about NetDDE. Could this be associated with XP - SP2? and what is Clipbook?

http://www.theeldergeek.com/network_dde.htm
http://www.ss64.com/ntsyntax/services.html
http://support.microsoft.com/kb/q114089/

Good Morning,

If you go to Start> Run and type in services.msc, it will show you all the services that are running on your computer. They are most all needed by windows to run ( but this is another issue that we do not want to get into ) sometimes a virus will install itself as one of those services. You can click on any service once to highlight it and it will tell you what it does. As far as Fast User Switching and Network DDE, there both legit, I have just never seen it with the title is has and Google picks up nothing with the file attached to that service except coming back to your thread.

So, open up services and highlight this one and lets see what it does or what its related to
Network DDE NetDDEFastUserSwitchingCompatibility

NetDDEFastSwitchingCompatibility does not show a description it just says Start the Service and the word start is the start button.

Network DDE & Network DDE DSDM manages the Dynamic Data Exchange network shares.

We need to make sure all hidden files are showing :

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Once your system is clean, we suggest that you reverse this to keep critical windows files from accidently being deleted.

Go to this site Jotti Upload (http://virusscan.jotti.org/) and use the browse feature to find this file and upload it


C:\WINDOWS\system32\0.6043512f.exe

Then click on Submit and it will give you a report, post the report in your next reply.

I did it twice and received the same results and the second time was after I turned off my firewall.

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

When I hit browse a Choose File window pops up with the Look In address System 32. When I click on open it tells me that file is not found.

I ran a search for C:\WINDOWS\system32\0.6043512f.exe in all files including system and all hidden files and folders and the result came back with no file or folder found.

This is what I think I would do is to disable that service, use your computer for a bit and see if any programs squawk that they need it, you can always re enable it if you have to .


Go to Start> Run and type in services.msc then press Enter
Scroll down to Network DDE NetDDEFastUserSwitchingCompatibility
Double Click that service to open it.
Click on Stop Service.
Then change the Startup Type to Disabled.
OK your way out of the program.

Thank you so much for your help. This computer is 100 times better and I can actually work on it now. Thanks again. cindy

Your very welcome Cindy, I am so glad things are running well for you. Please do post back if you have any other issues in the future.

Ken:euro: