You guessed it..Virtumonde! [Archive] - Safer-Networking Forums

View Full Version : You guessed it..Virtumonde!

hfosteriii

2008-04-14, 07:30

I have updated and ran spybot, adaware and nortons av, more than once to no avail. Now I turn to you. The comp in question isn't connected to the internet. I am posting the HTJ and ComboFix logs. Thanks in advance and I'll be sure to thank afterwards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:47 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: (no name) - {4CB690D4-BE97-4CE8-A153-F56463A6E077} - C:\WINDOWS\system32\nnnljjGa.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {78C7963F-A936-47F5-9365-AD7F783F8BEE} - C:\WINDOWS\system32\mlJDvWOG.dll (file missing)
O2 - BHO: (no name) - {7BCBE1BA-53B3-442D-9D0A-3507441C393A} - C:\WINDOWS\system32\rqRJApmj.dll (file missing)
O2 - BHO: (no name) - {A0F860F1-987B-4BFC-AE36-33840CDC50B9} - C:\WINDOWS\system32\qoMggHAS.dll (file missing)
O2 - BHO: (no name) - {BB98B576-2B99-4C67-92BC-C918C4395A7B} - C:\WINDOWS\system32\byXOhEwU.dll (file missing)
O2 - BHO: (no name) - {E17C5AE4-1DA8-4015-B8D9-0CD681973EC7} - C:\WINDOWS\system32\cbXQghHw.dll (file missing)
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [985aaa28] rundll32.exe "C:\WINDOWS\system32\vqqtoctx.dll",b
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\xrijukog.dll",s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
O20 - Winlogon Notify: urqOHYSL - urqOHYSL.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7690 bytes

ComboFix 08-04-13.2 - a 2008-04-13 23:43:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.732 [GMT -4:00]
Running from: F:\ComboFix.exe

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\gbRve12
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aGjjlnnn.ini
C:\WINDOWS\system32\aGjjlnnn.ini2
C:\WINDOWS\system32\jmpAJRqr.ini
C:\WINDOWS\system32\jmpAJRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rYFgPXbc.ini
C:\WINDOWS\system32\rYFgPXbc.ini2
C:\WINDOWS\system32\SAHggMoq.ini
C:\WINDOWS\system32\SAHggMoq.ini2
C:\WINDOWS\system32\urqOHYSL.dll
C:\WINDOWS\system32\UwEhOXyb.ini
C:\WINDOWS\system32\UwEhOXyb.ini2
C:\WINDOWS\system32\vefkdwqp.ini
C:\WINDOWS\system32\wHhgQXbc.ini
C:\WINDOWS\system32\wHhgQXbc.ini2
C:\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-12 18:57 . 2008-04-12 19:02 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-04-12 18:56 . 2006-09-02 18:21 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-12 18:56 . 2006-09-02 18:21 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-12 18:55 . 2008-04-12 18:59 <DIR> d-------- C:\Program Files\Symantec
2008-04-12 18:50 . 2008-04-12 18:53 354 --ahs---- C:\WINDOWS\system32\xtcotqqv.ini
2008-04-12 18:47 . 2008-04-12 18:47 3,648 --a------ C:\WINDOWS\system32\wewgmffb.dll
2008-04-12 18:44 . 2002-01-01 01:08 275,988 --ahs---- C:\WINDOWS\system32\GOWvDJlm.ini
2008-04-12 18:44 . 2002-01-01 01:05 275,874 --ahs---- C:\WINDOWS\system32\GOWvDJlm.ini2
2008-04-12 17:05 . 2008-04-12 17:05 294 --ahs---- C:\WINDOWS\system32\aogfhnjc.ini
2008-04-12 17:02 . 2008-04-12 18:15 94,208 --------- C:\WINDOWS\system32\stwwsqxc.gmt
2008-04-12 16:59 . 2008-04-12 16:59 3,648 --a------ C:\WINDOWS\system32\djwmxqdj.dll
2008-04-12 16:56 . 2008-04-12 16:56 272,384 --a------ C:\WINDOWS\system32\cfrfhzto.yol
2008-04-12 12:28 . 2008-04-12 12:54 294 --ahs---- C:\WINDOWS\system32\ylphyjhn.ini
2008-04-12 12:21 . 2008-04-12 15:36 94,208 --------- C:\WINDOWS\system32\vpcyzqrj.zll
2008-04-12 12:21 . 2008-04-12 12:21 3,648 --a------ C:\WINDOWS\system32\ucdgmody.dll
2008-04-12 12:18 . 2008-04-12 12:18 272,384 --a------ C:\WINDOWS\system32\xoakldvo.pyh
2008-04-12 02:56 . 2008-04-12 12:09 406 --ahs---- C:\WINDOWS\system32\oiwbumsa.ini
2008-04-12 02:53 . 2008-04-12 15:35 274,432 --a------ C:\WINDOWS\system32\iorpusjb.rfi
2008-04-12 02:06 . 2008-04-12 02:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 02:06 . 2008-04-12 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 21:17 . 2008-04-11 21:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 21:03 . 2002-01-01 00:42 1,033 --a------ C:\WINDOWS\wininit.ini
2008-04-11 20:25 . 2008-04-11 20:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:25 . 2008-04-12 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 19:13 . 2008-04-11 20:14 594 --ahs---- C:\WINDOWS\system32\piivxvyt.ini
2008-04-10 17:59 . 2008-04-10 17:59 414 --ahs---- C:\WINDOWS\system32\lgigijpl.ini
2008-04-09 17:59 . 2008-04-11 12:05 646 --ahs---- C:\WINDOWS\system32\rajfhpfj.ini
2008-04-08 19:12 . 2008-04-09 08:53 1,778 --ahs---- C:\WINDOWS\system32\dshapovf.ini
2008-04-07 19:09 . 2008-04-08 19:09 1,366 --ahs---- C:\WINDOWS\system32\poadruvt.ini
2008-04-06 19:09 . 2008-04-06 19:15 1,306 --ahs---- C:\WINDOWS\system32\jrkkphsf.ini
2008-04-06 11:50 . 2006-02-28 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-06 11:43 . 2008-04-06 11:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-06 11:43 . 2008-04-06 11:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-05 18:57 . 2008-04-05 18:57 0 --a------ C:\config.ini
2008-04-05 18:54 . 2008-04-06 19:04 1,186 --ahs---- C:\WINDOWS\system32\egerapcw.ini
2008-04-05 18:47 . 2008-04-05 18:47 414 --ahs---- C:\WINDOWS\system32\mewhaxms.ini
2008-04-05 09:02 . 2008-04-05 18:39 354 --ahs---- C:\WINDOWS\system32\ysdgmqby.ini
2008-04-04 11:26 . 2008-04-04 09:00 294 --ahs---- C:\WINDOWS\system32\kpydqlju.ini
2008-04-04 08:58 . 2008-04-04 08:58 2,386 --ahs---- C:\WINDOWS\system32\kpydqlju.tmp
2008-04-04 01:19 . 2008-04-04 08:51 2,386 --ahs---- C:\WINDOWS\system32\wntjctim.ini
2008-04-03 13:16 . 2008-04-04 01:11 2,266 --ahs---- C:\WINDOWS\system32\vqlkurkl.ini
2008-04-02 13:18 . 2008-04-03 11:43 1,966 --ahs---- C:\WINDOWS\system32\pnwfiwbm.ini
2008-04-01 13:19 . 2008-04-02 12:33 1,786 --ahs---- C:\WINDOWS\system32\urxwnxnp.ini
2008-04-01 13:13 . 2008-04-12 19:26 101,100 --a------ C:\WINDOWS\BM9b6999b4.xml
2008-03-31 13:15 . 2008-04-01 12:01 1,306 --ahs---- C:\WINDOWS\system32\nurbsroy.ini
2008-03-30 13:15 . 2008-03-31 11:33 774 --ahs---- C:\WINDOWS\system32\liqsfqml.ini
2008-03-29 13:13 . 2008-03-30 13:13 534 --ahs---- C:\WINDOWS\system32\vnnjcylr.ini
2008-03-29 01:21 . 2008-03-29 01:21 <DIR> d-------- C:\Documents and Settings\Test\Application Data\alot
2008-03-29 01:18 . 2008-03-29 01:22 <DIR> d--hs---- C:\Documents and Settings\Test\!
2008-03-29 01:18 . 2008-03-29 01:18 3,545,428 --------- C:\Documents and Settings\Test\x1.dat
2008-03-29 00:45 . 2008-03-29 00:45 <DIR> d-------- C:\WINDOWS\system32\aqVreo05
2008-03-29 00:45 . 2008-04-13 23:44 <DIR> d-------- C:\Temp
2008-03-29 00:45 . 2008-03-29 09:43 <DIR> d--hs---- C:\Documents and Settings\a\!
2008-03-29 00:45 . 2008-03-29 09:20 3,545,428 --------- C:\Documents and Settings\a\x1.dat
2008-03-29 00:45 . 2008-03-29 00:45 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 23:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-12 05:49 --------- d-----w C:\Program Files\WeatherStudio Desktop
2008-04-11 23:58 --------- d-----w C:\Documents and Settings\a\Application Data\LimeWire
2008-04-05 23:58 --------- d-----w C:\Program Files\Google
2008-04-05 22:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 04:46 --------- d-----w C:\Program Files\LimeWire
2008-03-18 19:01 --------- d-----w C:\Program Files\support.com
2008-03-15 17:35 144 ----a-w C:\domains.dat
2008-02-26 23:50 --------- d-----w C:\Program Files\Yahoo! Games
2008-02-21 23:23 --------- d-----w C:\Program Files\Norton Security Scan
2002-01-01 05:05 275,874 --sha-w C:\WINDOWS\system32\GOWvDJlm.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB690D4-BE97-4CE8-A153-F56463A6E077}]
C:\WINDOWS\system32\nnnljjGa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C7963F-A936-47F5-9365-AD7F783F8BEE}]
C:\WINDOWS\system32\mlJDvWOG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BCBE1BA-53B3-442D-9D0A-3507441C393A}]
C:\WINDOWS\system32\rqRJApmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F860F1-987B-4BFC-AE36-33840CDC50B9}]
C:\WINDOWS\system32\qoMggHAS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB98B576-2B99-4C67-92BC-C918C4395A7B}]
C:\WINDOWS\system32\byXOhEwU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E17C5AE4-1DA8-4015-B8D9-0CD681973EC7}]
C:\WINDOWS\system32\cbXQghHw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"985aaa28"="C:\WINDOWS\system32\vqqtoctx.dll" [ ]
"BM9b6999b4"="C:\WINDOWS\system32\xrijukog.dll" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOHYSL]
urqOHYSL.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 15:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-15 18:42 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-15 18:42 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 21:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 17:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-15 19:20 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2003-03-17 18:39]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 09:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-04-12 23:29:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - a.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:49:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\SoftwareDistribution\Download\d61766d223927760d60364c3824ce500\update\update.exe
.
**************************************************************************
.
Completion time: 2008-04-13 23:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 03:53:25

Pre-Run: 37,039,960,064 bytes free
Post-Run: 36,996,100,096 bytes free
.
2008-04-07 07:02:24 --- E O F ---

Blade81

2008-04-15, 20:54

Hi

Start hjt, do a system scan, check:
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\xtcotqqv.ini
C:\WINDOWS\system32\wewgmffb.dll
C:\WINDOWS\system32\GOWvDJlm.ini
C:\WINDOWS\system32\GOWvDJlm.ini2
C:\WINDOWS\system32\aogfhnjc.ini
C:\WINDOWS\system32\stwwsqxc.gmt
C:\WINDOWS\system32\djwmxqdj.dll
C:\WINDOWS\system32\cfrfhzto.yol
C:\WINDOWS\system32\ylphyjhn.ini
C:\WINDOWS\system32\vpcyzqrj.zll
C:\WINDOWS\system32\ucdgmody.dll
C:\WINDOWS\system32\xoakldvo.pyh
C:\WINDOWS\system32\oiwbumsa.ini
C:\WINDOWS\system32\iorpusjb.rfi
C:\WINDOWS\system32\piivxvyt.ini
C:\WINDOWS\system32\lgigijpl.ini
C:\WINDOWS\system32\rajfhpfj.ini
C:\WINDOWS\system32\dshapovf.ini
C:\WINDOWS\system32\poadruvt.ini
C:\WINDOWS\system32\jrkkphsf.ini
C:\WINDOWS\system32\egerapcw.ini
C:\WINDOWS\system32\mewhaxms.ini
C:\WINDOWS\system32\ysdgmqby.ini
C:\WINDOWS\system32\kpydqlju.ini
C:\WINDOWS\system32\kpydqlju.tmp
C:\WINDOWS\system32\wntjctim.ini
C:\WINDOWS\system32\vqlkurkl.ini
C:\WINDOWS\system32\pnwfiwbm.ini
C:\WINDOWS\system32\urxwnxnp.ini
C:\WINDOWS\BM9b6999b4.xml
C:\WINDOWS\system32\nurbsroy.ini
C:\WINDOWS\system32\liqsfqml.ini
C:\WINDOWS\system32\vnnjcylr.ini
C:\Documents and Settings\Test\x1.dat
C:\Documents and Settings\a\x1.dat
C:\WINDOWS\system32\taskkill.exe
C:\domains.dat
C:\WINDOWS\system32\GOWvDJlm.ini2

Folder::
C:\Documents and Settings\Test\Application Data\alot
C:\Documents and Settings\Test\!
C:\WINDOWS\system32\aqVreo05
C:\Documents and Settings\a\!

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB690D4-BE97-4CE8-A153-F56463A6E077}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C7963F-A936-47F5-9365-AD7F783F8BEE}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BCBE1BA-53B3-442D-9D0A-3507441C393A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F860F1-987B-4BFC-AE36-33840CDC50B9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB98B576-2B99-4C67-92BC-C918C4395A7B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E17C5AE4-1DA8-4015-B8D9-0CD681973EC7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"985aaa28"=-
"BM9b6999b4"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOHYSL]

Save this as
CFScript

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log and ComboFix resultant log too (asked above).
If the results of the anti virus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

hfosteriii

2008-04-16, 02:42

After completing your instructions, I cannot connect to the internet. I cannot run the Kapersky scanner. Here are the logs from HJT and combofix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:19 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: KODAK Software Updater.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6209 bytes

hfosteriii

2008-04-16, 02:48

ComboFix 08-04-13.2 - a 2008-04-15 17:39:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.689 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\a\x1.dat
C:\Documents and Settings\Test\x1.dat
C:\domains.dat
C:\WINDOWS\BM9b6999b4.xml
C:\WINDOWS\system32\aogfhnjc.ini
C:\WINDOWS\system32\cfrfhzto.yol
C:\WINDOWS\system32\djwmxqdj.dll
C:\WINDOWS\system32\dshapovf.ini
C:\WINDOWS\system32\egerapcw.ini
C:\WINDOWS\system32\GOWvDJlm.ini
C:\WINDOWS\system32\GOWvDJlm.ini2
C:\WINDOWS\system32\iorpusjb.rfi
C:\WINDOWS\system32\jrkkphsf.ini
C:\WINDOWS\system32\kpydqlju.ini
C:\WINDOWS\system32\kpydqlju.tmp
C:\WINDOWS\system32\lgigijpl.ini
C:\WINDOWS\system32\liqsfqml.ini
C:\WINDOWS\system32\mewhaxms.ini
C:\WINDOWS\system32\nurbsroy.ini
C:\WINDOWS\system32\oiwbumsa.ini
C:\WINDOWS\system32\piivxvyt.ini
C:\WINDOWS\system32\pnwfiwbm.ini
C:\WINDOWS\system32\poadruvt.ini
C:\WINDOWS\system32\rajfhpfj.ini
C:\WINDOWS\system32\stwwsqxc.gmt
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\ucdgmody.dll
C:\WINDOWS\system32\urxwnxnp.ini
C:\WINDOWS\system32\vnnjcylr.ini
C:\WINDOWS\system32\vpcyzqrj.zll
C:\WINDOWS\system32\vqlkurkl.ini
C:\WINDOWS\system32\wewgmffb.dll
C:\WINDOWS\system32\wntjctim.ini
C:\WINDOWS\system32\xoakldvo.pyh
C:\WINDOWS\system32\xtcotqqv.ini
C:\WINDOWS\system32\ylphyjhn.ini
C:\WINDOWS\system32\ysdgmqby.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\a\!
C:\Documents and Settings\a\!\!DOCTYPE html PUBLIC -W3CDTD XHTML 1.0 TransitionalEN httpwww.w3.orgTRxhtml1DTDxhtml1-transitional.dtd.wma
C:\Documents and Settings\a\!\06 Take That Gum Out - 06 Take That Gum Out.wma
C:\Documents and Settings\a\!\10111.Org - Music For Dreamachine 01.wma
C:\Documents and Settings\a\!\12 Stones - Broken.wma
C:\Documents and Settings\a\!\1d Handful Of - Rain.wma
C:\Documents and Settings\a\!\2 Funk - Piano Funk.wma
C:\Documents and Settings\a\!\2PAC - Ambitionz Az A Ridah.wma
C:\Documents and Settings\a\!\2pac - Californialove.wma
C:\Documents and Settings\a\!\2pac - Changes.wma
C:\Documents and Settings\a\!\2PAC - Check Out Time.wma
C:\Documents and Settings\a\!\2PAC - Dear Mama (Anthony Hamilton Remix).wma
C:\Documents and Settings\a\!\2pac - Heartz Of Men.wma
C:\Documents and Settings\a\!\2PAC - I Got My Mind Made Up.wma
C:\Documents and Settings\a\!\2pac - My Enemyz ft. Silverback Guerillaz.wma
C:\Documents and Settings\a\!\2PAC - Never B Peace.wma
C:\Documents and Settings\a\!\2PAC - No More Pain.wma
C:\Documents and Settings\a\!\2PAC - Shorty Wanna Be A Thug.wma
C:\Documents and Settings\a\!\2pac - Smoke Weed All Day.wma
C:\Documents and Settings\a\!\2pac - To Live And Die In L.A..wma
C:\Documents and Settings\a\!\2PAC - U Don't Have To Worry.wma
C:\Documents and Settings\a\!\2PAC and Scarface - Smile (DJ Khaira Mix).wma
C:\Documents and Settings\a\!\2pac ft. The Outlawz - Homeboyz Dj Hitman.wma
C:\Documents and Settings\a\!\2pacSnoop Dogg - 2 Of Amerikaz Most Wanted.wma
C:\Documents and Settings\a\!\2Raumwohnung - Kommt Zusammen.wma
C:\Documents and Settings\a\!\2Raumwohnung - Mit Viel Glueck.wma
C:\Documents and Settings\a\!\2XL ft. Na'Sahy - Kissing Game.wma
C:\Documents and Settings\a\!\3 Doors Down - Here Without You.wma
C:\Documents and Settings\a\!\3 Doors Down - Live For Today.wma
C:\Documents and Settings\a\!\3 Doors Down - When I`m Gone.wma
C:\Documents and Settings\a\!\30 Seconds To Mars - Attack.wma
C:\Documents and Settings\a\!\311 - Beautiful Disaster.wma
C:\Documents and Settings\a\!\311 - Empire (WBlack Eyed Peas).wma
C:\Documents and Settings\a\!\311 - Love Song.wma
C:\Documents and Settings\a\!\311 - Time Is Precious.wma
C:\Documents and Settings\a\!\311 - We Do It Like This.wma
C:\Documents and Settings\a\!\4 - Sprinklers, Man.wma
C:\Documents and Settings\a\!\4 Elements - Long Way To Run.wma
C:\Documents and Settings\a\!\456 Rastabus - 456 Rastabus.wma
C:\Documents and Settings\a\!\50 Cent - 21 Questions (Dj Merlin Remix).wma
C:\Documents and Settings\a\!\50 Cent - 8 More Miles.wma
C:\Documents and Settings\a\!\50 Cent - Best Friend.wma
C:\Documents and Settings\a\!\50 Cent - Bump Dat.wma
C:\Documents and Settings\a\!\50 Cent - Collapse.wma
C:\Documents and Settings\a\!\50 Cent - Gotta Get.wma
C:\Documents and Settings\a\!\50 Cent - Gun Runner.wma
C:\Documents and Settings\a\!\50 Cent - Hate It Or Love It (ft. The Game, Lloyd Banks, Tony Yay ...).wma
C:\Documents and Settings\a\!\50 Cent - How The Job.wma
C:\Documents and Settings\a\!\50 Cent - Hustler's Ambition.wma
C:\Documents and Settings\a\!\50 Cent - If I Cant.wma
C:\Documents and Settings\a\!\50 Cent - In Da Club (Dj Tt's Reversed Mix).wma
C:\Documents and Settings\a\!\50 Cent - In Da Club (Instrumental).wma
C:\Documents and Settings\a\!\50 Cent - In Da Club (Kramix).wma
C:\Documents and Settings\a\!\50 Cent - In Da Club.wma
C:\Documents and Settings\a\!\50 Cent - Intro.wma
C:\Documents and Settings\a\!\50 Cent - Just A Lil Bit Reggaeton (Dj Santarosa Remix).wma
C:\Documents and Settings\a\!\50 Cent - Just A Little Bit.wma
C:\Documents and Settings\a\!\50 Cent - Just A Touch Freestyle (Dirty).wma
C:\Documents and Settings\a\!\50 Cent - Outta Control (ft. Mobb Deep).wma
C:\Documents and Settings\a\!\50 Cent - Outta Control.wma
C:\Documents and Settings\a\!\50 Cent - P.I.M.P.wma
C:\Documents and Settings\a\!\50 Cent - Patiently Waiting (ft. Eminem).wma
C:\Documents and Settings\a\!\50 Cent - Slow Doe.wma
C:\Documents and Settings\a\!\50 Cent - The Massacre Hate It Or Love It.wma
C:\Documents and Settings\a\!\50 Cent - Wanksta (Bonus).wma
C:\Documents and Settings\a\!\50 Cent - Wanksta.wma
C:\Documents and Settings\a\!\50 Cent and Justin Timberlake and Timbaland - Ayo Technology.wma
C:\Documents and Settings\a\!\50 Cent ft. Fergie - London Bridge (Remix).wma
C:\Documents and Settings\a\!\50 Cent ft. Justin Timberlake - Ayo, Technology.wma
C:\Documents and Settings\a\!\50 Cent ft. Justin Timberlake - She Wants It (Ayo Technology).wma
C:\Documents and Settings\a\!\50 Cent ft. Justin Timberlake - She Wants It.wma
C:\Documents and Settings\a\!\50 Cent ft. Mobb Deep - Have A Party Remix (Dirty Promo).wma
C:\Documents and Settings\a\!\50 Cent ft. Olivia - Best Friend Remix.wma
C:\Documents and Settings\a\!\50 Cent vs. Helmet - Unsung Wanksta.wma
C:\Documents and Settings\a\!\50 Cent vs. Trust Company - If I Downfall (Edited).wma
C:\Documents and Settings\a\!\7Zuma7 - Mirrorman.wma
C:\Documents and Settings\a\!\A-Ha - High.wma
C:\Documents and Settings\a\!\A-Ha - I Call Your Name.wma
C:\Documents and Settings\a\!\A-Ha - Take On Me.wma
C:\Documents and Settings\a\!\A-Ha - The Living Daylights.wma
C:\Documents and Settings\a\!\A-Ha - The Sun Always Shines On Tv.wma
C:\Documents and Settings\a\!\A-Ha - Touchy.wma
C:\Documents and Settings\a\!\A-Nihilist - Reinvent Yourself (The Return Of The A-Nihilist).wma
C:\Documents and Settings\a\!\A Day - Twin.wma
C:\Documents and Settings\a\!\A Guy Called Gerald - 6 Mix On Bbc 6 Music.wma
C:\Documents and Settings\a\!\A Long Time A - Growing.wma
C:\Documents and Settings\a\!\A New Found Glory - Hit Or Miss.wma
C:\Documents and Settings\a\!\A Silent Flute - Universal Dress Rehearsal.wma
C:\Documents and Settings\a\!\A Tribe Called Quest - Check The Rhyme.wma
C:\Documents and Settings\a\!\A Tribe Called Quest - Find A Way.wma
C:\Documents and Settings\a\!\A Tribe Called Quest - Luck Of Lucien.wma
C:\Documents and Settings\a\!\A Tribe Called Quest - Scenario.wma
C:\Documents and Settings\a\!\A Tribe Called Quest - The Chase, Part Ii.wma
C:\Documents and Settings\a\!\A World Of Possibilities - Becky Hyde.wma
C:\Documents and Settings\a\!\A.Vanvranken - Bent.wma
C:\Documents and Settings\a\!\A1 - Bus (The Radio Dept. Cover).wma
C:\Documents and Settings\a\!\A1 - Dj Assault.wma
C:\Documents and Settings\a\!\A1 - Ho Pianto.wma
C:\Documents and Settings\a\!\A1 - How Much Are They.wma
C:\Documents and Settings\a\!\A1 - No More.wma
C:\Documents and Settings\a\!\A1 - Obey.wma
C:\Documents and Settings\a\!\A1 - Rwb007-A1-The Kid-Sex Made Me Sick.wma
C:\Documents and Settings\a\!\A1 - Sotaa.wma
C:\Documents and Settings\a\!\A1 Stud Muffin - Rusted.wma
C:\Documents and Settings\a\!\A4a - Become.wma
C:\Documents and Settings\a\!\A4a - Blue.wma
C:\Documents and Settings\a\!\A4a - Borg.wma
C:\Documents and Settings\a\!\A4a - Bring It On.wma
C:\Documents and Settings\a\!\A4a - Lifeless.wma
C:\Documents and Settings\a\!\A4a - March Of Man, The.wma
C:\Documents and Settings\a\!\A4a - Outside (Demo Edit).wma
C:\Documents and Settings\a\!\A4a - Sins.wma
C:\Documents and Settings\a\!\Aaliyah - Are You Feelin' Me.wma
C:\Documents and Settings\a\!\Aaliyah - Death Of A Playa.wma
C:\Documents and Settings\a\!\Aaliyah - Extra Smooth.wma
C:\Documents and Settings\a\!\Aaliyah - Four Page Letter.wma
C:\Documents and Settings\a\!\Aaliyah - Hot Like Fire (Album Version).wma
C:\Documents and Settings\a\!\Aaliyah - If Your Girl Only Knew(Siik Remix).wma
C:\Documents and Settings\a\!\Aaliyah - Let Me Down Easy (Live).wma
C:\Documents and Settings\a\!\Aaliyah - Miss You.wma
C:\Documents and Settings\a\!\Aaliyah - No Days Go By.wma
C:\Documents and Settings\a\!\Aaliyah - Read Between The Lines.wma
C:\Documents and Settings\a\!\Aaliyah - Rock The Boat (Saturn 9 Remix).wma
C:\Documents and Settings\a\!\Aaliyah - Rock The Boat (Terror Remix).wma
C:\Documents and Settings\a\!\Aaliyah - The One I Gave My Heart To (Radio Mix).wma
C:\Documents and Settings\a\!\Aaliyah - You Got Nerve.wma
C:\Documents and Settings\a\!\Aaliyah ft. Yaris (Bmi) - Eversong.wma
C:\Documents and Settings\a\!\Aaron - Mad.wma
C:\Documents and Settings\a\!\Aaron Carter - Have Some Fun With The Funk.wma
C:\Documents and Settings\a\!\Aaron Carter - Im All About You.wma
C:\Documents and Settings\a\!\Aaron Kwok - A Perfect Match.wma
C:\Documents and Settings\a\!\Aaron Neville - Louisiana 1927.wma
C:\Documents and Settings\a\!\Aaron Neville - Silent Night.wma
C:\Documents and Settings\a\!\Abba - Dancing Queen.wma
C:\Documents and Settings\a\!\Abba - Gimme! Gimme! Gimme!.wma
C:\Documents and Settings\a\!\Abba - Happy New Year.wma
C:\Documents and Settings\a\!\Abba - Mama Mia.wma
C:\Documents and Settings\a\!\Abba - Medley.wma
C:\Documents and Settings\a\!\Abba - The Paragons.wma
C:\Documents and Settings\a\!\Abba - We Wish You A Merry Christmas (Remix).wma
C:\Documents and Settings\a\!\Abbaesque - Zanzibar.wma
C:\Documents and Settings\a\!\Abbas - Twill Ir Fob.M.wma
C:\Documents and Settings\a\!\Abbat - Full Stop.wma
C:\Documents and Settings\a\!\Abc - Check Newsradio (2005-09-16).wma
C:\Documents and Settings\a\!\Abel - Rebelled Expropriate Colombo.wma
C:\Documents and Settings\a\!\Abigail Grush - Little Snippets.wma
C:\Documents and Settings\a\!\Above The Orange Trees - Outdoor Miner.wma
C:\Documents and Settings\a\!\Abramis Brama - Mamma Talar.wma
C:\Documents and Settings\a\!\Abstractor - Carpenter Deja Weedy.wma
C:\Documents and Settings\a\!\Absurd - Fred Pa Jorden.wma
C:\Documents and Settings\a\!\Ace Of Base - Adventures In.wma
C:\Documents and Settings\a\!\Ace Of Base - Angel Eyes.wma
C:\Documents and Settings\a\!\Ace Of Base - Living In Danger.wma
C:\Documents and Settings\a\!\Acid Rain - I Was Late.wma
C:\Documents and Settings\a\!\Action Action - Drug Like.wma
C:\Documents and Settings\a\!\Action Biker - La Conjugaison Pour Tous.wma
C:\Documents and Settings\a\!\Adam DonlinLettucehead - Whiskey In The Jar.wma
C:\Documents and Settings\a\!\Adam Green - C Birds.wma
C:\Documents and Settings\a\!\Adam Green - Pay The Toll.wma
C:\Documents and Settings\a\!\Adam Sandler - The Chanukah Song.wma
C:\Documents and Settings\a\!\Adamkus Ir Ieva - Plakaty.wma
C:\Documents and Settings\a\!\Adamkus Ir Ieva - Voina S Sistemoi.wma
C:\Documents and Settings\a\!\Adamkus Ir Ieva - Vse Raznye.wma
C:\Documents and Settings\a\!\Addis - Messiah Centaur Evolve.wma
C:\Documents and Settings\a\!\Adelia - Oregano Maledict Ness.wma
C:\Documents and Settings\a\!\Adina Howard - L.O.V.A. (2oo7).wma
C:\Documents and Settings\a\!\Adolescents - Hawks And Doves.wma
C:\Documents and Settings\a\!\Adrenalin Od - Aod vs. Godzilla.wma
C:\Documents and Settings\a\!\Adriano Celentano - Jealousy (Tango).wma
C:\Documents and Settings\a\!\Adrienne Rich - Victory.wma
C:\Documents and Settings\a\!\Aerosmith - Big Ten Inch Record.wma
C:\Documents and Settings\a\!\Aerosmith - Big Ten.wma
C:\Documents and Settings\a\!\Aerosmith - Crazy.wma
C:\Documents and Settings\a\!\Aerosmith - Cryin'.wma
C:\Documents and Settings\a\!\Aerosmith - Cryin.wma
C:\Documents and Settings\a\!\Aerosmith - Crying.wma
C:\Documents and Settings\a\!\Aerosmith - Eat The Rich.wma
C:\Documents and Settings\a\!\Aerosmith - Falling In Love Is Hard On Th.wma
C:\Documents and Settings\a\!\Aerosmith - Going DownLove In An Elevat.wma
C:\Documents and Settings\a\!\Aerosmith - Hole In My Soul.wma
C:\Documents and Settings\a\!\Aerosmith - Jaded.wma
C:\Documents and Settings\a\!\Aerosmith - Pink (Live On Z100).wma
C:\Documents and Settings\a\!\Aerosmith - Pink.wma
C:\Documents and Settings\a\!\Afi - 09.The Days Of The Phoenix.wma
C:\Documents and Settings\a\!\Afi - Death Of Seasons.wma
C:\Documents and Settings\a\!\Afi - God Called In Sick Today.wma
C:\Documents and Settings\a\!\Afi - Silver And Cold.wma
C:\Documents and Settings\a\!\Afro Man - Cuz I Got High.wma
C:\Documents and Settings\a\!\Afroman - Because I Got High.wma
C:\Documents and Settings\a\!\Agata Kristi - Listopad.wma
C:\Documents and Settings\a\!\Agent Sparks - Mr. Insecurity.wma
C:\Documents and Settings\a\!\Agent Sparks - Pollyanne.wma
C:\Documents and Settings\a\!\Agressor - Manipulation Of Masses.wma
C:\Documents and Settings\a\!\Airforce One - Trance Airport.wma
C:\Documents and Settings\a\!\Airplay - Music Is Moving.wma
C:\Documents and Settings\a\!\Akoatique Orchestra - Squale.wma
C:\Documents and Settings\a\!\Akon - Bananza (Belly Dancer).wma
C:\Documents and Settings\a\!\Akon - Don't Matter.wma
C:\Documents and Settings\a\!\Akon - Ghetto (Live).wma
C:\Documents and Settings\a\!\Akon - I Wanna Love You (ft. Snoop Dogg).wma
C:\Documents and Settings\a\!\Akon - I Wanna Love You.wma
C:\Documents and Settings\a\!\Akon - Keep On Callin`.wma
C:\Documents and Settings\a\!\Akon - Lonely 21st.wma
C:\Documents and Settings\a\!\Akon - Pot Of Gold.wma
C:\Documents and Settings\a\!\Akon - Smack That.wma
C:\Documents and Settings\a\!\Akon and Snoop Dog - I Wanna Love You.wma
C:\Documents and Settings\a\!\Akon F Gwen Stephani - The Sweet Escape.wma
C:\Documents and Settings\a\!\Akon Featuring Styles P. - Locked Up.wma
C:\Documents and Settings\a\!\Akon ft. Eminem - Smack That (Clean).wma
C:\Documents and Settings\a\!\Akon ft. Eminem - Smack That.wma
C:\Documents and Settings\a\!\Akon ft. Snoop Dogg - I Wanna Fuck You.wma
C:\Documents and Settings\a\!\Akon ft. Snoop Dogg Tego Calderon - I Wanna Fuck You.wma
C:\Documents and Settings\a\!\Al Dimeola - Double Concerto.wma
C:\Documents and Settings\a\!\Al Green - Aint No Sunshine.wma
C:\Documents and Settings\a\!\Al Green - Guilty.wma
C:\Documents and Settings\a\!\Al Green - June.wma
C:\Documents and Settings\a\!\Al Green - Lets Stay Together.wma
C:\Documents and Settings\a\!\Alain Raymond - Give All Your Love To Me.wma
C:\Documents and Settings\a\!\Alan Jackson - Cuwmedley.wma
C:\Documents and Settings\a\!\Alan Jackson - Half Wired Medley.wma
C:\Documents and Settings\a\!\Alan Jackson - Pickup Man.wma
C:\Documents and Settings\a\!\Alan Jackson - Where Were You.wma
C:\Documents and Settings\a\!\Alanis Morissette - Ironic.wma
C:\Documents and Settings\a\!\Alanis Morissette - Out Is Through.wma
C:\Documents and Settings\a\!\Alanis Morissette - Precious Illusions.wma
C:\Documents and Settings\a\!\Alaska - Alaska.wma
C:\Documents and Settings\a\!\Alcazar - This Is The World We Live In (Almighty R...).wma
C:\Documents and Settings\a\!\Alcazar - This Is The World We Live In.wma
C:\Documents and Settings\a\!\Alec R. Costandinos - Grooves (Pitch).wma
C:\Documents and Settings\a\!\Aleksandra Perovic - Opijum.wma
C:\Documents and Settings\a\!\Alex Castillo - Ojos Tristes.wma
C:\Documents and Settings\a\!\Alex Castillo - Vuelven.wma
C:\Documents and Settings\a\!\Alexander - Charles Near.wma
C:\Documents and Settings\a\!\Alexander Blu - Emptiness.wma
C:\Documents and Settings\a\!\Alexandre Pires - Necesidad.wma
C:\Documents and Settings\a\!\Alice Cooper - Billion Dollar Babies (Live).wma
C:\Documents and Settings\a\!\Alice Cooper - Hello Hooray.wma
C:\Documents and Settings\a\!\Alice Cooper - I Love The Dead.wma
C:\Documents and Settings\a\!\Alice Cooper - Schools Out.wma
C:\Documents and Settings\a\!\Alice In Chains - Dirt.wma
C:\Documents and Settings\a\!\Alice In Chains - Grind.wma
C:\Documents and Settings\a\!\Alice In Chains - Over Now Mtv Unplugged Live.wma
C:\Documents and Settings\a\!\Alice In Chains - Rooster.wma
C:\Documents and Settings\a\!\Alice In Chains - Sunshine.wma
C:\Documents and Settings\a\!\Alice In Chains - We Die Young.wma
C:\Documents and Settings\a\!\Alicia Keys - A Womans Worth (Remix).wma
C:\Documents and Settings\a\!\Alicia Keys - A Womans Worth.wma
C:\Documents and Settings\a\!\Alicia Keys - Diary.wma
C:\Documents and Settings\a\!\Alicia Keys - Fallin'.wma
C:\Documents and Settings\a\!\Alicia Keys - Fallin.wma
C:\Documents and Settings\a\!\Alicia Keys - Karma.wma
C:\Documents and Settings\a\!\Alicia Keys - No One.wma
C:\Documents and Settings\a\!\Alien Ant Farm - Movies.wma
C:\Documents and Settings\a\!\Alien Ant Farm - Smoot Criminal (Live).wma
C:\Documents and Settings\a\!\Alien Ant Farm - Smooth Criminal (Radio Version).wma
C:\Documents and Settings\a\!\Alien Ant Farm - Smooth Criminal.wma
C:\Documents and Settings\a\!\Alison Krauss - Down To The River To Pray.wma
C:\Documents and Settings\a\!\Alison Krauss and Union Station - Let Me Touch You For A While.wma
C:\Documents and Settings\a\!\All - Teresa.wma
C:\Documents and Settings\a\!\All 4 One - Beautiful As You.wma
C:\Documents and Settings\a\!\All 4 One - I Swear.wma
C:\Documents and Settings\a\!\All American Rejects - Move Along.wma
C:\Documents and Settings\a\!\All Combinations - Ghost Town.wma
C:\Documents and Settings\a\!\All Mighty Senators - Triumphant.wma
C:\Documents and Settings\a\!\All Over Now - All Over Now.wma
C:\Documents and Settings\a\!\All Saints - All Hooked Up.wma
C:\Documents and Settings\a\!\Allison Crowe - Hallelujah.wma
C:\Documents and Settings\a\!\Alter Bridge - In Loving Memory.wma
C:\Documents and Settings\a\!\Alter Bridge - Open Your Eyes (Video).wma
C:\Documents and Settings\a\!\Alter Bridge - The End Is Here.wma
C:\Documents and Settings\a\!\Alter Bridge - Watch Your Words.wma
C:\Documents and Settings\a\!\Alter Ego - Highpride.wma
C:\Documents and Settings\a\!\Alter Ego - Keep The Faith Radio Edit.wma
C:\Documents and Settings\a\!\Alter Ego - Keep The Faith.wma
C:\Documents and Settings\a\!\Alter Ego - Of Others Radio Edit.wma
C:\Documents and Settings\a\!\Alter Ego - Of Others.wma

hfosteriii

2008-04-16, 02:50

C:\Documents and Settings\Test\!\Shakira - Hips Don't Lie (ft. Wyclef Jea...).wma
C:\Documents and Settings\Test\!\Shakira ft. Wyclef Jean - Hips Don't Lie.wma
C:\Documents and Settings\Test\!\Shania Twain - From This Moment On.wma
C:\Documents and Settings\Test\!\Sheryl Crow - Strong Enough (Voltron Krew Rx).wma
C:\Documents and Settings\Test\!\Shirley Caesar - Hold My Mule.wma
C:\Documents and Settings\Test\!\Simple Plane - Welcome To My Life.wma
C:\Documents and Settings\Test\!\Sixpence None The Richer - Kiss Me.wma
C:\Documents and Settings\Test\!\Smash Mouth - All Star.wma
C:\Documents and Settings\Test\!\Snap - Rythm Is A Dancer (Pharaoh Instrumental Mix).wma
C:\Documents and Settings\Test\!\Snoop Doggy Dogg - Snoop Bounce Rocknroll Remix ft. Rage Aga.wma
C:\Documents and Settings\Test\!\Sonic Youth - Plastic Sun.wma
C:\Documents and Settings\Test\!\Soulja Boy - Crank That Soulja Boy..wma
C:\Documents and Settings\Test\!\Spice Girls - Good By Song.wma
C:\Documents and Settings\Test\!\Sugarcult - Riot.wma
C:\Documents and Settings\Test\!\Supermode - Tell Me Why.wma
C:\Documents and Settings\Test\!\Take That - Patience.wma
C:\Documents and Settings\Test\!\Taking Back Sunday - Liar It Takes One To Know One.wma
C:\Documents and Settings\Test\!\The Beatles - Sgt Peppers Lonely Hea.wma
C:\Documents and Settings\Test\!\The Beatles - Yellow Submarine.wma
C:\Documents and Settings\Test\!\The Bravery - An Honest Mistake.wma
C:\Documents and Settings\Test\!\The Carpenters - Chestnuts Roasting On An Open Fire (Christmas With....wma
C:\Documents and Settings\Test\!\The Dandy Warhols - Smoke It.wma
C:\Documents and Settings\Test\!\The Decemberists - The Soldiering Life.wma
C:\Documents and Settings\Test\!\The Game ft. 50 Cent - How We Do.wma
C:\Documents and Settings\Test\!\The Hold Steady - Most People Are Djs.wma
C:\Documents and Settings\Test\!\The Killers - Bling Confessions Of A King.wma
C:\Documents and Settings\Test\!\The Killers - Somebody Told Me.wma
C:\Documents and Settings\Test\!\The Sisters Of Mercy - Anaconda (Early Studio Version).wma
C:\Documents and Settings\Test\!\The Stone Roses - Fools Gold.wma
C:\Documents and Settings\Test\!\The Streets - Its Too Late.wma
C:\Documents and Settings\Test\!\The Who - Live At Monterey International Pop Festival.wma
C:\Documents and Settings\Test\!\The Zutons - Oh Stacey Look What Youve Done.wma
C:\Documents and Settings\Test\!\Tiesto - Traffic.wma
C:\Documents and Settings\Test\!\Timbaland - Give It To Me (ft. Nelly Furtado And Justin Timberlake).wma
C:\Documents and Settings\Test\!\Timbaland ft. One Republic - Apologize.wma
C:\Documents and Settings\Test\!\Tlc - Hands Up.wma
C:\Documents and Settings\Test\!\Tony Christie - Is This The Way To Amarillo.wma
C:\Documents and Settings\Test\!\Tori Amos - Cornflake Girl (Live).wma
C:\Documents and Settings\Test\!\Tracy Byrd - Ten Rounds With Jose Cuervo.wma
C:\Documents and Settings\Test\!\Tracy Chapman - Give Me One Reason.wma
C:\Documents and Settings\Test\!\Travis - Closer.wma
C:\Documents and Settings\Test\!\Trick Daddy ft. Donk Ryders - Its My Dog Birthday.wma
C:\Documents and Settings\Test\!\Trina ft. Kelly Rowland - Feanin 4 U.wma
C:\Documents and Settings\Test\!\U2 - Sunday Bloody Sunday.wma
C:\Documents and Settings\Test\!\U2 - With Or Without You.wma
C:\Documents and Settings\Test\!\Van Morrison - Magic Time.wma
C:\Documents and Settings\Test\!\Weird Al Yankovic - Night Santa Went Crazy.wma
C:\Documents and Settings\Test\!\Wham - Club Fantastic (Megamix).wma
C:\Documents and Settings\Test\!\Wu Tang Clan - Ex-Girlfriend.wma
C:\Documents and Settings\Test\!\Xavier Naidoo - Fuhr Mich Ans Licht (Chester Ocean Love Remix).wma
C:\Documents and Settings\Test\!\Young Jibbs - Does Your Chain Hang Low.wma
C:\Documents and Settings\Test\!\z1q3w4f5g6h7j8k9lllaaz.wma
C:\Documents and Settings\Test\Application Data\alot
C:\Documents and Settings\Test\x1.dat
C:\domains.dat
C:\WINDOWS\BM9b6999b4.xml
C:\WINDOWS\system32\aogfhnjc.ini
C:\WINDOWS\system32\aqVreo05
C:\WINDOWS\system32\cfrfhzto.yol
C:\WINDOWS\system32\djwmxqdj.dll
C:\WINDOWS\system32\dshapovf.ini
C:\WINDOWS\system32\egerapcw.ini
C:\WINDOWS\system32\GOWvDJlm.ini
C:\WINDOWS\system32\GOWvDJlm.ini2
C:\WINDOWS\system32\iorpusjb.rfi
C:\WINDOWS\system32\jrkkphsf.ini
C:\WINDOWS\system32\kpydqlju.ini
C:\WINDOWS\system32\kpydqlju.tmp
C:\WINDOWS\system32\lgigijpl.ini
C:\WINDOWS\system32\liqsfqml.ini
C:\WINDOWS\system32\mewhaxms.ini
C:\WINDOWS\system32\nurbsroy.ini
C:\WINDOWS\system32\oiwbumsa.ini
C:\WINDOWS\system32\piivxvyt.ini
C:\WINDOWS\system32\pnwfiwbm.ini
C:\WINDOWS\system32\poadruvt.ini
C:\WINDOWS\system32\rajfhpfj.ini
C:\WINDOWS\system32\stwwsqxc.gmt
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\ucdgmody.dll
C:\WINDOWS\system32\urxwnxnp.ini
C:\WINDOWS\system32\vnnjcylr.ini
C:\WINDOWS\system32\vpcyzqrj.zll
C:\WINDOWS\system32\vqlkurkl.ini
C:\WINDOWS\system32\wewgmffb.dll
C:\WINDOWS\system32\wntjctim.ini
C:\WINDOWS\system32\xoakldvo.pyh
C:\WINDOWS\system32\xtcotqqv.ini
C:\WINDOWS\system32\ylphyjhn.ini
C:\WINDOWS\system32\ysdgmqby.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 18:57 . 2008-04-12 19:02 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-04-12 18:56 . 2006-09-02 18:21 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-12 18:56 . 2006-09-02 18:21 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-12 18:55 . 2008-04-12 18:59 <DIR> d-------- C:\Program Files\Symantec
2008-04-12 02:06 . 2008-04-12 02:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 02:06 . 2008-04-12 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 21:17 . 2008-04-11 21:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 21:03 . 2002-01-01 00:42 1,033 --a------ C:\WINDOWS\wininit.ini
2008-04-11 20:25 . 2008-04-11 20:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:25 . 2008-04-12 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 11:50 . 2006-02-28 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-06 11:43 . 2008-04-06 11:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-06 11:43 . 2008-04-06 11:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-05 18:57 . 2008-04-05 18:57 0 --a------ C:\config.ini
2008-03-29 00:45 . 2008-04-13 23:44 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 23:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-12 05:49 --------- d-----w C:\Program Files\WeatherStudio Desktop
2008-04-11 23:58 --------- d-----w C:\Documents and Settings\a\Application Data\LimeWire
2008-04-05 23:58 --------- d-----w C:\Program Files\Google
2008-04-05 22:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 04:46 --------- d-----w C:\Program Files\LimeWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 19:01 --------- d-----w C:\Program Files\support.com
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 23:50 --------- d-----w C:\Program Files\Yahoo! Games
2008-02-21 23:23 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_23.53.06.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
- 2008-04-14 03:47:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-04-15 21:24:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-02-28 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-01-01 20:42:36 90,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-04-15 21:24:09 90,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2002-01-01 08:22:48 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-14 03:50:14 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2002-01-01 08:22:48 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-14 03:50:14 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
KODAK Software Updater.lnk.disabled [2002-01-02 08:42:32 1996]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 15:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-15 18:42 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-15 18:42 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 21:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 17:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-15 19:20 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"985aaa28"=rundll32.exe "C:\WINDOWS\system32\vqqtoctx.dll",b
"BM9b6999b4"=Rundll32.exe "C:\WINDOWS\system32\xrijukog.dll",s
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2003-03-17 18:39]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 09:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-04-12 23:29:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - a.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:56:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 17:57:18
ComboFix-quarantined-files.txt 2008-04-15 21:57:16
ComboFix2.txt 2008-04-14 03:53:31

Pre-Run: 38,395,744,256 bytes free
Post-Run: 38,382,895,104 bytes free
.
2008-04-14 03:54:38 --- E O F ---

hfosteriii

2008-04-16, 02:52

Sorry, I skipped a bunch in the middle of the combofix file because it was all song files. Plus it kept freezing and I didn't think you wanted to read em all.

Blade81

2008-04-16, 07:44

Hi

Did you try to reboot?

If it didn't help to restore the connection please check here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore).

Blade81

2008-04-23, 19:29

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.