View Full Version : Yet another Virtumonde victem, please help
snowman101178
2008-05-08, 20:58
i run spybot and vundofix and nothing works.....myIE privacy settings , reset to allow all cookies.... i have run hijack this.......please help , thanks you
Logfile of HijackThis v1.99.1
Scan saved at 1:38:58 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian\Desktop\VundoFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMe7a57b1f] Rundll32.exe "C:\WINDOWS\system32\opxujexk.dll",s
O4 - HKLM\..\Run: [e4964883] rundll32.exe "C:\WINDOWS\system32\klblhouw.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Rorschach112
2008-05-08, 21:37
Hello
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
snowman101178
2008-05-08, 23:40
ComboFix 08-05-07.2 - Brian 2008-05-08 16:08:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1391 [GMT -4:00]
Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\BeOUBJlm.ini
C:\WINDOWS\system32\BeOUBJlm.ini2
C:\WINDOWS\system32\bjievnqy.ini
C:\WINDOWS\system32\byXOIBrQ.dll
C:\WINDOWS\system32\CIkUFfhk.ini
C:\WINDOWS\system32\CIkUFfhk.ini2
C:\WINDOWS\system32\DffefMoq.ini
C:\WINDOWS\system32\DffefMoq.ini2
C:\WINDOWS\system32\hqckcnja.dll
C:\WINDOWS\system32\hqwmenay.dll
C:\WINDOWS\system32\khfFUkIC.dll
C:\WINDOWS\system32\klblhouw.dll
C:\WINDOWS\system32\lStuwyay.ini
C:\WINDOWS\system32\lStuwyay.ini2
C:\WINDOWS\system32\lwgmtuvy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnxbyvjh.ini
C:\WINDOWS\system32\ncgnxuwo.dll
C:\WINDOWS\system32\opxujexk.dll
C:\WINDOWS\system32\pwldbcax.ini
C:\WINDOWS\system32\wuohlblk.ini
C:\WINDOWS\system32\yqnvelijb.dll
C:\WINDOWS\system32\yvutmgwl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 13:20 . 2008-05-08 13:20 <DIR> d-------- C:\VundoFix Backups
2008-05-08 13:01 . 2008-05-08 13:01 2,112 --a------ C:\WINDOWS\system32\febypagd.exe
2008-05-08 07:27 . 2008-05-08 07:27 2,048 --a------ C:\WINDOWS\system32\bpikwijh.exe
2008-05-06 21:51 . 2008-05-08 14:43 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\.purple
2008-05-06 17:10 . 2008-05-06 17:11 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-05-06 14:49 . 2008-05-06 14:49 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Grisoft
2008-05-06 14:49 . 2008-05-06 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-06 14:49 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-04 16:31 . 2008-05-06 22:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 16:31 . 2008-05-04 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 16:17 . 2008-05-04 16:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-04 16:16 . 2008-05-04 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 10:31 . 2008-05-08 07:24 109,709 --a------ C:\WINDOWS\BMe7a57b1f.xml
2008-05-03 23:13 . 2008-05-03 23:16 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-05-03 22:27 . 2008-05-03 22:27 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Malwarebytes
2008-05-03 22:27 . 2008-05-03 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 22:24 . 2008-05-04 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-30 08:28 . 2008-04-30 08:28 <DIR> d-------- C:\Program Files\VSO
2008-04-30 08:28 . 2008-04-30 08:29 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Vso
2008-04-30 08:28 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-30 08:28 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-30 08:28 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-30 08:28 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-30 08:28 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-30 08:28 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-30 08:28 . 2008-04-30 08:28 87,608 --a------ C:\Documents and Settings\Brian\Application Data\inst.exe
2008-04-30 08:28 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-30 08:28 . 2008-04-30 08:28 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-30 08:28 . 2008-04-30 08:28 47,360 --a------ C:\Documents and Settings\Brian\Application Data\pcouffin.sys
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 19:02 . 2008-04-28 19:08 <DIR> d-------- C:\Program Files\WinWatermark 2
2008-04-28 19:02 . 2008-04-28 19:02 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Sony
2008-04-28 18:59 . 2008-04-28 18:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-22 20:24 . 2008-04-22 20:24 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-22 20:24 . 2008-04-22 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-04-22 20:19 . 2008-04-22 20:19 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-04-20 10:11 . 2008-04-20 10:56 <DIR> d-------- C:\Program Files\Picasa2
2008-04-20 09:18 . 2008-05-03 10:51 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Ulead Systems
2008-04-20 09:00 . 2008-04-20 09:00 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-20 09:00 . 2008-04-20 09:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-20 08:57 . 2008-04-20 08:57 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-20 08:57 . 2008-04-20 08:57 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-20 08:57 . 2008-04-20 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-20 08:44 . 2008-04-20 08:44 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-04-20 08:43 . 2003-10-02 00:01 27,965 --a------ C:\WINDOWS\system32\EPPICPresetData_JP.dat
2008-04-20 08:43 . 2003-10-02 00:00 15,822 --a------ C:\WINDOWS\system32\EPPICLocal_JP.cfg
2008-04-20 08:42 . 2008-04-20 08:44 <DIR> d-------- C:\Program Files\CASIO
2008-04-20 08:41 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\HOTALBUMMyBOX
2008-04-17 09:32 . 2008-05-02 18:28 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\DivX
2008-04-15 21:35 . 2008-05-08 07:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-14 16:50 . 2008-05-06 08:49 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-14 16:50 . 2008-04-14 16:50 <DIR> d-------- C:\Program Files\SiSoftware
2008-04-14 16:50 . 2008-05-06 08:49 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Spyware Terminator
2008-04-14 16:50 . 2008-05-04 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-14 16:50 . 2008-04-14 16:50 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-14 16:48 . 2008-04-14 16:48 <DIR> d-------- C:\Program Files\Defraggler
2008-04-14 16:41 . 2008-04-14 16:42 <DIR> d-------- C:\Program Files\Pidgin
2008-04-14 16:41 . 2008-04-14 16:41 <DIR> d-------- C:\Program Files\iTunes
2008-04-14 16:41 . 2008-04-14 16:41 <DIR> d-------- C:\Program Files\iPod
2008-04-14 16:40 . 2008-04-14 16:40 <DIR> d-------- C:\Program Files\Bonjour
2008-04-14 16:39 . 2008-04-14 16:39 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 10:14 . 2008-04-11 10:14 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 16:56 --------- d-----w C:\Program Files\KeePass Password Safe
2008-05-06 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 20:59 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-05-06 20:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-06 18:40 --------- d-----w C:\Program Files\CamGrab-2LE
2008-05-04 20:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-03 23:27 --------- d-----w C:\Documents and Settings\Brian\Application Data\RipIt4Me
2008-05-03 02:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-03 02:19 --------- d-----w C:\Program Files\Windows Live
2008-05-03 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 23:51 --------- d-----w C:\Program Files\SlySoft
2008-04-28 23:42 --------- d-----w C:\Program Files\IrfanView
2008-04-23 00:28 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-20 13:15 --------- d-----w C:\Program Files\McAfee
2008-04-20 12:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 02:18 --------- d-----w C:\Documents and Settings\Brian\Application Data\gtk-2.0
2008-04-16 01:37 --------- d-----w C:\Program Files\Google
2008-04-14 20:53 --------- d-----w C:\Program Files\Winamp
2008-04-14 20:43 --------- d-----w C:\Program Files\DivX
2008-03-30 17:25 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-29 22:59 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-29 22:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 22:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-16 02:00 --------- d-----w C:\Program Files\Creative
2008-03-16 01:20 --------- d-----w C:\Program Files\Steinberg
2008-03-16 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-03-16 01:06 --------- d-----w C:\Program Files\Recuva
2008-03-16 00:49 --------- d-----w C:\Documents and Settings\Brian\Application Data\Creative
2008-03-13 16:27 --------- d-----w C:\Program Files\VideoLAN
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1}]
C:\WINDOWS\system32\qoMfeffD.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wtrn"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\fast.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 1 (0x1)
"Mn@mlrf"= 1 (0x1)
"MnOndNeg"= 1 (0x1)
"MnQtm"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-04-11 07:42 2075584 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2004-11-30 11:00 135168 C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 01:00 45056 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 18:10 16384 C:\WINDOWS\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-10 13:00 41984 C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 18:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
--a------ 2005-01-11 22:09 2572288 C:\Program Files\Hello\Hello.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
--------- 2005-06-16 18:25 49152 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-03-01 19:55 4865600 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--------- 2005-07-11 11:34 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2005-06-10 09:43 1095680 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 20:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2a\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2a\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-04-20 08:44]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-14 16:50]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [2008-04-10 11:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 17:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 22:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 05:56:11 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-05-01 05:01:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-05-08 20:25:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 16:21:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-05-08 16:35:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 20:33:59
Pre-Run: 50,930,708,480 bytes free
Post-Run: 51,019,526,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
318 --- E O F --- 2008-05-0Logfile of HijackThis v1.99.1
Scan saved at 4:40:05 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1} - C:\WINDOWS\system32\qoMfeffD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
2 04:44:38
Rorschach112
2008-05-09, 00:46
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\febypagd.exe
C:\WINDOWS\system32\bpikwijh.exe
C:\WINDOWS\BMe7a57b1f.xml
DirLook::
C:\Documents and Settings\Brian\Application Data\.purple
C:\WINDOWS\ie8
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also post a new HijackThis log
snowman101178
2008-05-09, 16:24
Thanks you very very much for your help in this matter....
Logfile of HijackThis v1.99.1
Scan saved at 9:23:32 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1} - C:\WINDOWS\system32\qoMfeffD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Rorschach112
2008-05-09, 18:28
Can you post the ComboFix log please
snowman101178
2008-05-09, 19:23
ComboFix 08-05-07.2 - Brian 2008-05-09 0:56:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1129 [GMT -4:00]
Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\BMe7a57b1f.xml
C:\WINDOWS\system32\bpikwijh.exe
C:\WINDOWS\system32\febypagd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Brian\Application Data\inst.exe
C:\WINDOWS\BMe7a57b1f.xml
C:\WINDOWS\system32\_000103_.tmp.dll
C:\WINDOWS\system32\bpikwijh.exe
C:\WINDOWS\system32\febypagd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-08 13:20 . 2008-05-08 13:20 <DIR> d-------- C:\VundoFix Backups
2008-05-06 21:51 . 2008-05-08 14:43 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\.purple
2008-05-06 17:10 . 2008-05-06 17:11 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-05-06 14:49 . 2008-05-06 14:49 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Grisoft
2008-05-06 14:49 . 2008-05-06 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-06 14:49 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-04 16:31 . 2008-05-06 22:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 16:31 . 2008-05-04 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 16:17 . 2008-05-04 16:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-04 16:16 . 2008-05-04 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 23:13 . 2008-05-03 23:16 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-05-03 22:27 . 2008-05-03 22:27 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Malwarebytes
2008-05-03 22:27 . 2008-05-03 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 22:24 . 2008-05-04 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-30 08:28 . 2008-04-30 08:28 <DIR> d-------- C:\Program Files\VSO
2008-04-30 08:28 . 2008-04-30 08:29 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Vso
2008-04-30 08:28 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-30 08:28 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-30 08:28 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-30 08:28 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-30 08:28 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-30 08:28 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-30 08:28 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-30 08:28 . 2008-04-30 08:28 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-30 08:28 . 2008-04-30 08:28 47,360 --a------ C:\Documents and Settings\Brian\Application Data\pcouffin.sys
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 19:02 . 2008-04-28 19:08 <DIR> d-------- C:\Program Files\WinWatermark 2
2008-04-28 19:02 . 2008-04-28 19:02 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Sony
2008-04-28 18:59 . 2008-04-28 18:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-22 20:24 . 2008-04-22 20:24 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-22 20:24 . 2008-04-22 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-04-22 20:19 . 2008-04-22 20:19 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-04-20 10:11 . 2008-04-20 10:56 <DIR> d-------- C:\Program Files\Picasa2
2008-04-20 09:18 . 2008-05-03 10:51 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Ulead Systems
2008-04-20 09:00 . 2008-04-20 09:00 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-20 09:00 . 2008-04-20 09:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-20 08:57 . 2008-04-20 08:57 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-20 08:57 . 2008-04-20 08:57 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-20 08:57 . 2008-04-20 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-20 08:44 . 2008-04-20 08:44 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-04-20 08:43 . 2003-10-02 00:01 27,965 --a------ C:\WINDOWS\system32\EPPICPresetData_JP.dat
2008-04-20 08:43 . 2003-10-02 00:00 15,822 --a------ C:\WINDOWS\system32\EPPICLocal_JP.cfg
2008-04-20 08:42 . 2008-04-20 08:44 <DIR> d-------- C:\Program Files\CASIO
2008-04-20 08:41 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\HOTALBUMMyBOX
2008-04-17 09:32 . 2008-05-02 18:28 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\DivX
2008-04-15 21:35 . 2008-05-08 07:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-14 16:50 . 2008-05-06 08:49 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-14 16:50 . 2008-04-14 16:50 <DIR> d-------- C:\Program Files\SiSoftware
2008-04-14 16:50 . 2008-05-06 08:49 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Spyware Terminator
2008-04-14 16:50 . 2008-05-04 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-14 16:50 . 2008-04-14 16:50 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-14 16:48 . 2008-04-14 16:48 <DIR> d-------- C:\Program Files\Defraggler
2008-04-14 16:41 . 2008-04-14 16:42 <DIR> d-------- C:\Program Files\Pidgin
2008-04-14 16:41 . 2008-04-14 16:41 <DIR> d-------- C:\Program Files\iTunes
2008-04-14 16:41 . 2008-04-14 16:41 <DIR> d-------- C:\Program Files\iPod
2008-04-14 16:40 . 2008-04-14 16:40 <DIR> d-------- C:\Program Files\Bonjour
2008-04-14 16:39 . 2008-04-14 16:39 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 10:14 . 2008-04-11 10:14 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 16:56 --------- d-----w C:\Program Files\KeePass Password Safe
2008-05-06 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 20:59 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-05-06 20:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-06 18:40 --------- d-----w C:\Program Files\CamGrab-2LE
2008-05-04 20:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-03 23:27 --------- d-----w C:\Documents and Settings\Brian\Application Data\RipIt4Me
2008-05-03 02:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-03 02:19 --------- d-----w C:\Program Files\Windows Live
2008-05-03 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 23:51 --------- d-----w C:\Program Files\SlySoft
2008-04-28 23:42 --------- d-----w C:\Program Files\IrfanView
2008-04-23 00:28 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-20 13:15 --------- d-----w C:\Program Files\McAfee
2008-04-20 12:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 02:18 --------- d-----w C:\Documents and Settings\Brian\Application Data\gtk-2.0
2008-04-16 01:37 --------- d-----w C:\Program Files\Google
2008-04-14 20:53 --------- d-----w C:\Program Files\Winamp
2008-04-14 20:43 --------- d-----w C:\Program Files\DivX
2008-03-30 17:25 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-29 22:59 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-29 22:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 22:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-16 02:00 --------- d-----w C:\Program Files\Creative
2008-03-16 01:20 --------- d-----w C:\Program Files\Steinberg
2008-03-16 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-03-16 01:06 --------- d-----w C:\Program Files\Recuva
2008-03-16 00:49 --------- d-----w C:\Documents and Settings\Brian\Application Data\Creative
2008-03-13 16:27 --------- d-----w C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\Brian\Application Data\.purple ----
2008-05-08 14:43 7570 --a------ C:\Documents and Settings\Brian\Application Data\.purple\accounts.xml
2008-05-08 14:43 55567 --a------ C:\Documents and Settings\Brian\Application Data\.purple\blist.xml
2008-05-08 14:34 19565 --a------ C:\Documents and Settings\Brian\Application Data\.purple\prefs.xml
2008-05-07 05:07 17308 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\ad5a49aa699f1b1106b40c7d2cc05c01d4a7f034.png
2008-05-06 22:21 5809 --a------ C:\Documents and Settings\Brian\Application Data\.purple\accels
2008-05-06 21:51 538 --a------ C:\Documents and Settings\Brian\Application Data\.purple\status.xml
2008-05-06 21:51 24695 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\4ac1ba830d80ce90fc6a8c45247c6ad84378dd66.png
2008-05-06 21:51 19353 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\c90cfc9e3a867c5becd309aad27f9b96034f06bf.png
2008-05-06 21:51 18715 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\fefde9d8413e207a72c5aa82d3424d9332b17d94.png
2008-05-06 21:51 18404 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\84bbd36db65fbc4ed28ba2ee55901c1c6f2ef0e9.png
2008-05-06 21:51 18181 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\11d3a37adcd982c8252034ec59ffaa14f1f9cc3f.png
2008-05-06 21:51 17881 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\eae9eb363e794ca81d47eb4cbad85216df01b899.png
2008-05-06 21:51 17111 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\c65c2441e2e19b657e6dfa22148be0ee4d8f8fe4.png
2008-05-06 21:51 16558 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\440de5b777bccffb5177dac5bc5340ba6977fe76.png
2008-05-06 21:51 16132 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\add8b0b6e8f4f38614e6130288b25f509f1625e1.png
2008-05-06 21:51 15685 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\593d52f1ce6f3a06eaa64f58127cbd22b3b9bce8.png
2008-05-06 21:51 15307 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\3b0c88d3acb6a53dd0786f5d7baf0ed1c518259b.png
2008-05-06 21:51 14817 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\64724c7387affbd422866bdaf1bd6202c5aeee6a.png
2008-05-06 21:51 1085 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\6a96a94db63746331e1730960e3daa708eb98f76.icon
2008-05-06 21:51 1080 --a------ C:\Documents and Settings\Brian\Application Data\.purple\icons\ff756f661487e49721b06cecf4dbe4636342e69a.icon
---- Directory of C:\WINDOWS\ie8 ----
2008-05-06 17:13 400433 --a--c--- C:\WINDOWS\ie8\spuninst\spuninst.inf
2008-05-06 17:11 81920 --a--c--- C:\WINDOWS\ie8\reg01391
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01410
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01409
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01407
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01406
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01405
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01404
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01403
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01402
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01401
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01400
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01398
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01397
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01396
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01394
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01393
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01392
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01389
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01388
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01386
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01385
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01383
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01382
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01381
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01380
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01379
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01378
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01377
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01374
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01373
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01371
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01370
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01369
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01368
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01367
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01366
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01364
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01362
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01361
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01360
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01359
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01357
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01355
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01354
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01353
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01351
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01350
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01349
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01348
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01347
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01346
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01344
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01343
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01341
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01339
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01337
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01336
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01335
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01334
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01332
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01331
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01330
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01329
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01327
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01326
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01325
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01324
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01323
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01322
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01320
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01319
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01318
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01317
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01316
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01315
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01314
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01313
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01311
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01310
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01308
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01306
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01305
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01304
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01303
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01302
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01301
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01299
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01297
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01296
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01294
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01293
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01292
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01291
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01290
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01288
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01286
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01285
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01284
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01282
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01280
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01277
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01276
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01275
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01274
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01272
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01271
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01269
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01268
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01267
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01266
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01264
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01263
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01262
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01261
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01260
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01259
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01258
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01257
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01256
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01255
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01254
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01253
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01252
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01248
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01247
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01246
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01244
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01243
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01242
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01240
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01239
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01238
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01237
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01236
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01235
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01234
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01233
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01232
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01231
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01230
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01229
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01228
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01226
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01225
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01224
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01223
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01222
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01221
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01220
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01219
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01218
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01216
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01215
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01214
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01212
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01210
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01209
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01208
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01207
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01206
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01205
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01204
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01203
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01201
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01199
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01198
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01197
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01196
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01195
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01193
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01192
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01190
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01189
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01188
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01187
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01185
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01183
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01182
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01181
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01180
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01179
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01178
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01177
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01176
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01175
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01174
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01173
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01170
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01169
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01168
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01167
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01166
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01165
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01164
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01163
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01162
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01161
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01160
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01159
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01158
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01157
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01156
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01155
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01154
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01153
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01152
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01151
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01150
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01149
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01148
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01147
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01146
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01145
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01144
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01143
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01141
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01140
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01138
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01137
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01136
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01135
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01134
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01133
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01132
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01131
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01129
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01128
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01127
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01126
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01124
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01123
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01122
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01121
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01120
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01119
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01118
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01117
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01116
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01115
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01114
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01113
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01112
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01111
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01110
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01109
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01108
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01107
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01106
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01105
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01104
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01103
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01102
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01101
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01100
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01099
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01098
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01097
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01096
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01095
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01094
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01093
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01091
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01090
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01088
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01087
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01086
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01085
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01084
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01083
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01082
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01081
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01080
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01079
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01078
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01077
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01076
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01075
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01072
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01071
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01070
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01069
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01068
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01067
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01066
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01065
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01064
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01063
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01062
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01060
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01058
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01057
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01056
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01055
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01054
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01053
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01052
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01051
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01050
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01049
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01048
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01047
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01046
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01044
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01043
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01042
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01041
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01040
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01039
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01038
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01037
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01036
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01035
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01034
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01033
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01032
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01030
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01029
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01028
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01027
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01026
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01025
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01024
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01023
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01022
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01021
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01020
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01019
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01018
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01017
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01015
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01014
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01013
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01012
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01011
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01010
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01009
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01008
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01007
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01006
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01005
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01004
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01003
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01002
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01001
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg01000
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00999
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00998
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00997
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00996
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00995
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00994
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00992
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00991
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00990
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00989
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00988
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00987
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00986
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00985
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00983
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00982
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00981
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00980
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00979
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00978
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00977
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00976
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00975
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00974
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00973
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00972
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00971
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00970
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00969
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00968
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00967
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00966
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00964
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00963
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00962
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00961
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00960
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00958
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00957
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00956
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00955
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00954
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00953
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00952
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00951
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00950
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00949
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00948
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00947
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00946
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00945
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00944
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00943
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00942
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00941
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00940
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00939
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00938
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00937
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00936
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00935
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00934
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00933
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00932
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00931
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00930
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00929
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00928
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00927
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00926
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00925
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00924
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00923
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00922
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00921
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00920
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00919
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00918
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00917
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00916
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00915
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00914
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00913
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00912
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00911
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00910
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00909
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00908
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00907
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00906
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00905
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00904
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00903
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00902
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00901
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00900
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00899
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00898
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00897
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00896
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00895
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00894
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00893
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00892
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00891
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00890
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00888
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00887
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00886
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00885
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00884
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00883
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00882
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00881
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00880
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00879
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00878
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00877
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00875
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00874
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00873
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00872
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00871
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00870
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00869
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00868
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00867
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00866
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00865
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00864
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00863
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00862
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00861
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00860
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00859
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00858
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00857
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00856
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00855
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00854
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00853
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00852
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00851
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00850
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00849
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00848
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00847
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00846
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00845
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00844
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00843
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00842
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00841
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00840
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00839
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00838
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00837
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00836
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00835
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00834
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00833
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00832
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00831
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00830
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00829
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00828
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00827
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00826
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00825
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00824
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00823
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00822
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00821
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00820
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00818
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00817
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00816
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00815
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00814
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00813
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00812
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00811
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00810
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00809
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00808
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00807
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00806
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00805
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00804
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00803
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00802
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00801
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00800
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00799
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00798
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00797
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00796
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00795
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00794
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00793
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00792
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00791
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00790
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00789
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00788
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00787
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00786
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00784
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00783
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00782
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00781
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00780
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00779
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00778
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00777
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00776
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00775
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00774
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00773
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00772
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00771
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00770
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00769
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00768
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00767
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00766
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00765
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00764
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00763
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00762
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00761
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00760
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00759
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00758
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00757
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00756
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00754
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00753
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00752
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00751
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00750
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00749
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00748
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00747
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00746
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00744
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00743
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00742
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00741
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00740
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00739
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00738
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00736
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00735
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00734
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00733
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00732
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00731
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00730
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00729
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00728
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00727
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00726
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00725
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00720
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00719
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00718
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00717
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00716
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00715
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00714
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00713
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00712
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00711
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00710
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00709
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00708
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00707
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00706
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00705
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00704
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00703
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00702
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00701
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00700
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00699
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00698
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00697
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00696
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00695
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00694
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00693
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00692
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00691
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00690
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00689
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00688
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00687
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00686
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00685
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00684
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00683
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00682
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00681
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00680
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00679
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00678
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00677
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00676
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00675
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00674
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00673
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00672
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00671
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00670
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00669
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00668
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00667
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00666
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00665
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00664
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00663
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00662
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00661
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00660
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00659
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00658
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00657
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00656
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00655
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00654
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00653
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00652
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00651
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00650
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00649
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00648
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00647
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00646
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00645
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00644
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00643
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00642
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00641
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00640
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00639
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00638
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00637
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00636
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00635
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00634
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00633
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00632
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00631
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00630
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00629
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00628
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00627
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00626
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00625
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00624
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00623
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00622
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00621
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00620
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00619
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00618
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00617
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00616
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00615
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00614
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00613
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00612
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00611
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00610
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00609
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00608
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00607
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00606
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00605
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00604
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00603
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00602
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00601
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00596
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00595
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00594
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00593
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00592
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00591
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00590
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00589
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00588
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00587
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00586
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00585
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00584
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00583
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00582
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00581
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00580
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00579
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00578
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00577
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00576
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00575
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00574
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00573
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00572
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00571
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00570
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00569
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00568
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00567
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00566
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00565
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00564
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00563
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00562
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00561
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00560
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00559
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00558
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00557
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00556
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00555
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00554
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00553
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00552
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00551
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00550
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00549
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00548
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00547
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00546
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00545
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00544
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00543
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00542
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00541
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00540
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00539
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00538
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00537
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00536
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00535
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00534
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00533
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00532
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00531
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00530
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00529
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00528
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00527
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00526
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00525
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00524
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00523
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00522
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00521
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00520
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00519
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00518
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00517
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00516
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00515
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00514
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00513
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00512
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00511
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00510
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00509
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00508
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00507
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00506
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00505
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00504
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00503
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00502
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00501
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00500
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00499
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00498
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00497
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00496
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00495
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00494
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00493
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00492
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00491
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00490
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00489
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00488
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00487
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00486
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00485
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00484
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00483
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00482
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00481
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00480
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00479
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00478
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00477
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00476
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00475
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00474
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00473
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00472
snowman101178
2008-05-09, 19:24
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00471
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00470
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00469
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00468
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00467
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00466
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00465
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00464
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00463
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00462
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00461
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00460
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00459
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00458
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00457
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00456
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00455
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00454
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00453
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00452
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00451
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00450
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00449
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00448
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00447
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00446
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00445
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00444
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00443
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00442
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00441
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00440
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00439
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00438
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00437
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00436
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00435
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00434
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00433
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00432
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00431
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00430
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00429
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00428
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00427
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00426
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00425
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00424
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00423
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00422
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00421
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00420
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00419
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00418
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00417
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00416
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00415
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00414
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00413
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00412
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00411
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00410
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00409
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00408
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00407
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00406
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00405
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00404
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00403
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00402
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00401
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00400
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00399
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00398
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00397
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00396
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00395
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00394
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00393
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00392
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00391
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00390
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00389
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00388
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00387
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00386
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00385
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00384
2008-05-06 17:11 8192 --a--c--- C:\WINDOWS\ie8\reg00383
2008-05-06 17:11 364544 --a--c--- C:\WINDOWS\ie8\reg01413
2008-05-06 17:11 24576 --a--c--- C:\WINDOWS\ie8\reg01395
2008-05-06 17:11 16384 --a--c--- C:\WINDOWS\ie8\reg01399
2008-05-06 17:11 1310720 --a--c--- C:\WINDOWS\ie8\reg01390
2008-05-06 17:11 12288 --a--c--- C:\WINDOWS\ie8\reg01092
2008-05-06 17:11 11982 --a--c--- C:\WINDOWS\ie8\spuninst\spuninst.txt
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00382
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00381
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00380
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00379
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00378
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00377
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00376
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00375
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00374
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00373
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00372
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00371
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00370
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00369
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00368
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00367
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00366
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00365
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00364
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00363
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00362
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00361
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00360
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00359
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00358
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00357
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00356
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00355
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00354
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00353
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00352
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00351
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00350
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00349
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00348
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00347
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00346
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00345
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00344
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00342
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00341
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00340
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00339
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00338
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00337
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00336
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00335
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00334
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00333
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00332
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00331
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00330
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00329
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00328
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00327
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00326
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00325
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00324
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00323
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00322
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00321
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00320
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00319
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00318
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00317
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00316
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00315
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00314
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00313
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00312
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00311
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00310
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00309
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00308
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00307
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00306
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00305
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00304
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00303
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00302
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00301
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00300
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00299
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00298
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00297
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00296
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00294
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00292
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00291
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00290
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00289
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00288
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00287
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00286
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00285
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00284
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00283
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00282
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00281
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00280
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00279
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00278
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00277
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00276
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00275
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00274
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00273
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00272
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00271
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00270
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00269
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00268
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00267
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00266
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00265
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00264
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00263
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00260
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00259
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00258
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00257
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00255
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00254
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00253
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00252
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00251
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00250
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00249
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00248
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00247
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00246
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00245
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00244
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00243
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00242
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00240
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00238
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00237
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00234
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00233
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00232
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00231
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00230
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00229
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00228
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00227
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00224
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00223
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00222
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00220
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00219
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00218
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00217
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00216
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00214
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00212
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00211
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00210
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00209
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00208
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00207
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00206
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00203
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00201
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00200
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00199
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00198
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00196
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00194
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00193
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00192
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00191
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00190
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00189
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00188
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00187
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00186
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00185
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00184
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00183
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00182
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00181
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00180
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00179
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00178
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00177
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00176
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00175
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00174
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00173
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00172
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00171
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00170
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00169
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00168
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00167
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00165
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00164
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00163
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00162
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00161
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00158
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00157
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00156
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00155
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00154
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00153
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00152
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00150
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00148
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00147
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00146
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00145
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00144
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00143
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00142
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00141
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00140
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00139
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00138
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00137
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00136
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00135
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00134
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00133
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00132
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00131
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00129
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00128
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00127
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00126
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00125
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00124
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00122
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00121
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00120
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00119
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00118
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00117
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00116
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00115
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00114
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00113
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00112
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00110
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00109
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00108
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00107
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00106
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00104
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00103
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00102
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00099
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00098
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00097
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00096
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00095
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00094
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00093
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00092
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00091
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00090
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00089
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00088
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00087
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00086
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00085
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00084
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00083
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00082
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00081
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00080
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00079
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00078
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00077
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00074
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00073
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00072
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00071
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00070
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00069
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00068
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00067
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00066
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00065
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00064
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00063
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00062
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00061
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00060
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00059
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00058
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00057
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00056
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00055
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00054
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00053
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00052
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00051
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00050
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00049
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00048
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00047
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00046
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00045
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00044
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00043
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00042
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00041
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00040
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00039
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00038
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00037
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00036
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00035
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00034
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00033
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00032
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00031
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00029
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00027
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00026
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00024
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00023
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00022
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00021
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00020
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00018
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00016
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00015
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00014
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00013
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00012
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00011
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00010
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00008
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00007
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00006
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00004
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00003
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00002
2008-05-06 17:10 8192 --a--c--- C:\WINDOWS\ie8\reg00001
2008-05-06 17:10 12288 --a--c--- C:\WINDOWS\ie8\reg00009
2008-03-03 20:01 51784 --a--c--- C:\WINDOWS\ie8\spuninst\iecustom.dll
2008-03-01 18:36 3591680 --a--c--- C:\WINDOWS\ie8\mshtml.dll
2008-03-01 09:06 826368 --a--c--- C:\WINDOWS\ie8\wininet.dll
2008-03-01 09:06 671232 --a--c--- C:\WINDOWS\ie8\mstime.dll
2008-03-01 09:06 63488 --a--c--- C:\WINDOWS\ie8\icardie.dll
2008-03-01 09:06 6066176 --a--c--- C:\WINDOWS\ie8\ieframe.dll
2008-03-01 09:06 52224 --a--c--- C:\WINDOWS\ie8\msfeedsbs.dll
2008-03-01 09:06 478208 --a--c--- C:\WINDOWS\ie8\mshtmled.dll
2008-03-01 09:06 459264 --a--c--- C:\WINDOWS\ie8\msfeeds.dll
2008-03-01 09:06 44544 --a--c--- C:\WINDOWS\ie8\pngfilt.dll
2008-03-01 09:06 44544 --a--c--- C:\WINDOWS\ie8\iernonce.dll
2008-03-01 09:06 384512 --a--c--- C:\WINDOWS\ie8\iedkcs32.dll
2008-03-01 09:06 383488 --a--c--- C:\WINDOWS\ie8\ieapfltr.dll
2008-03-01 09:06 347136 --a--c--- C:\WINDOWS\ie8\dxtmsft.dll
2008-03-01 09:06 27648 --a--c--- C:\WINDOWS\ie8\jsproxy.dll
2008-03-01 09:06 267776 --a--c--- C:\WINDOWS\ie8\iertutil.dll
2008-03-01 09:06 233472 --a--c--- C:\WINDOWS\ie8\webcheck.dll
2008-03-01 09:06 230400 --a--c--- C:\WINDOWS\ie8\ieaksie.dll
2008-03-01 09:06 214528 --a--c--- C:\WINDOWS\ie8\dxtrans.dll
2008-03-01 09:06 193024 --a--c--- C:\WINDOWS\ie8\msrating.dll
2008-03-01 09:06 1831424 --a--c--- C:\WINDOWS\ie8\inetcpl.cpl
2008-03-01 09:06 153088 --a--c--- C:\WINDOWS\ie8\ieakeng.dll
2008-03-01 09:06 124928 --a--c--- C:\WINDOWS\ie8\advpack.dll
2008-03-01 09:06 1159680 --a--c--- C:\WINDOWS\ie8\urlmon.dll
2008-03-01 09:06 105984 --a--c--- C:\WINDOWS\ie8\url.dll
2008-03-01 09:06 102912 --a--c--- C:\WINDOWS\ie8\occache.dll
2008-02-29 04:55 70656 --a--c--- C:\WINDOWS\ie8\ie4uinit.exe
2008-02-29 04:55 625664 --a--c--- C:\WINDOWS\ie8\iexplore.exe
2008-02-15 01:44 161792 --a--c--- C:\WINDOWS\ie8\ieakui.dll
2008-01-11 11:35 371424 --a--c--- C:\WINDOWS\ie8\spuninst\updspapi.dll
2008-01-11 11:35 213216 --a--c--- C:\WINDOWS\ie8\spuninst\spuninst.exe
2007-10-16 16:17 781 --a--c--- C:\WINDOWS\ie8\spuninst\spuninst.exe.manifest
2007-07-12 19:31 765952 --a--c--- C:\WINDOWS\ie8\vgx.dll
2007-04-17 05:28 2455488 --a--c--- C:\WINDOWS\ie8\ieapfltr.dat
2007-01-31 02:47 991232 --a--c--- C:\WINDOWS\ie8\ieframe.dll.mui
2006-11-07 21:03 413696 --a--c--- C:\WINDOWS\ie8\vbscript.dll
2006-11-07 21:03 287744 --a--c--- C:\WINDOWS\ie8\ieproxy.dll
2006-11-07 21:03 191488 --a--c--- C:\WINDOWS\ie8\iepeers.dll
2006-11-07 21:03 180736 --a--c--- C:\WINDOWS\ie8\ieui.dll
2006-11-07 21:03 156160 --a--c--- C:\WINDOWS\ie8\msls31.dll
2006-11-07 03:27 2560 --a--c--- C:\WINDOWS\ie8\ieunatt.exe.mui
2006-11-07 03:26 92672 --a--c--- C:\WINDOWS\ie8\inseng.dll
2006-11-07 03:26 81920 --a--c--- C:\WINDOWS\ie8\iedkcs32.dll.mui
2006-11-07 03:26 7680 --a--c--- C:\WINDOWS\ie8\ieakeng.dll.mui
2006-11-07 03:26 71680 --a--c--- C:\WINDOWS\ie8\admparse.dll
2006-11-07 03:26 5632 --a--c--- C:\WINDOWS\ie8\admparse.dll.mui
2006-11-07 03:26 55296 --a--c--- C:\WINDOWS\ie8\iesetup.dll
2006-11-07 03:26 5120 --a--c--- C:\WINDOWS\ie8\iernonce.dll.mui
2006-11-07 03:26 4096 --a--c--- C:\WINDOWS\ie8\ie4uinit.exe.mui
2006-11-07 03:26 3584 --a--c--- C:\WINDOWS\ie8\inseng.dll.mui
2006-11-07 03:26 16896 --a--c--- C:\WINDOWS\ie8\iesetup.dll.mui
2006-11-07 03:26 102400 --a--c--- C:\WINDOWS\ie8\ieaksie.dll.mui
2006-11-07 03:25 266240 --a--c--- C:\WINDOWS\ie8\ieakui.dll.mui
2006-11-07 03:25 10240 --a--c--- C:\WINDOWS\ie8\advpack.dll.mui
2006-11-07 03:24 56483 --a--c--- C:\WINDOWS\ie8\ieuinit.inf
2006-11-07 03:24 448 --a--c--- C:\WINDOWS\ie8\install.ins
2006-10-17 12:06 78336 --a--c--- C:\WINDOWS\ie8\ieencode.dll
2006-10-17 12:06 443904 --a--c--- C:\WINDOWS\ie8\html.iec
2006-10-17 12:06 10752 --a--c--- C:\WINDOWS\ie8\html.iec.mui
2006-10-17 12:05 6144 --a--c--- C:\WINDOWS\ie8\winfxdocobj.exe.mui
2006-10-17 12:05 40960 --a--c--- C:\WINDOWS\ie8\licmgr10.dll
2006-10-17 12:05 4096 --a--c--- C:\WINDOWS\ie8\licmgr10.dll.mui
2006-10-17 12:05 206336 --a--c--- C:\WINDOWS\ie8\winfxdocobj.exe
2006-10-17 12:05 1273856 --a--c--- C:\WINDOWS\ie8\inetcpl.cpl.mui
2006-10-17 12:04 94208 --a--c--- C:\WINDOWS\ie8\webcheck.dll.mui
2006-10-17 12:04 90112 --a--c--- C:\WINDOWS\ie8\msrating.dll.mui
2006-10-17 12:04 69120 --a--c--- C:\WINDOWS\ie8\iedw.exe
2006-10-17 12:04 573440 --a--c--- C:\WINDOWS\ie8\iexplore.exe.mui
2006-10-17 12:04 5120 --a--c--- C:\WINDOWS\ie8\iedw.exe.mui
2006-10-17 12:04 32768 --a--c--- C:\WINDOWS\ie8\occache.dll.mui
2006-10-17 12:03 17408 --a--c--- C:\WINDOWS\ie8\corpol.dll
2006-10-17 12:02 131072 --a--c--- C:\WINDOWS\ie8\wininet.dll.mui
2006-10-17 12:01 331776 --a--c--- C:\WINDOWS\ie8\urlmon.dll.mui
2006-10-17 12:00 491520 --a--c--- C:\WINDOWS\ie8\jscript.dll
2006-10-17 11:58 8704 --a--c--- C:\WINDOWS\ie8\icardie.dll.mui
2006-10-17 11:58 4608 --a--c--- C:\WINDOWS\ie8\iepeers.dll.mui
2006-10-17 11:58 2560 --a--c--- C:\WINDOWS\ie8\msfeedsbs.dll.mui
2006-10-17 11:58 12288 --a--c--- C:\WINDOWS\ie8\msfeedssync.exe
2006-10-17 11:57 36352 --a--c--- C:\WINDOWS\ie8\imgutil.dll
2006-10-17 11:56 45568 --a--c--- C:\WINDOWS\ie8\mshta.exe
2006-10-17 11:56 2560 --a--c--- C:\WINDOWS\ie8\mshta.exe.mui
2006-10-17 11:56 237568 --a--c--- C:\WINDOWS\ie8\mshtml.dll.mui
2006-10-17 11:55 66560 --a--c--- C:\WINDOWS\ie8\tdc.ocx
2006-10-17 11:44 60416 --a--c--- C:\WINDOWS\ie8\hmmapi.dll
2006-10-17 11:44 32768 --a--c--- C:\WINDOWS\ie8\hmmapi.dll.mui
2006-10-17 11:35 3584 --a--c--- C:\WINDOWS\ie8\ieui.dll.mui
2006-10-17 11:28 57344 --a--c--- C:\WINDOWS\ie8\mshtmler.dll.mui
2006-10-17 11:28 48128 --a--c--- C:\WINDOWS\ie8\mshtmler.dll
2006-10-17 11:19 1383424 --a--c--- C:\WINDOWS\ie8\mshtml.tlb
2006-10-03 01:43 2402550 --a--c--- C:\WINDOWS\ie8\inetres.adm
2006-09-06 16:43 213216 --a--c--- C:\WINDOWS\ie8\spuninst.exe
2006-09-01 07:47 8636 --a--c--- C:\WINDOWS\ie8\windows feed discovered.wav
2006-09-01 07:47 29444 --a--c--- C:\WINDOWS\ie8\windows pop-up blocked.wav
2006-09-01 07:47 2202 --a--c--- C:\WINDOWS\ie8\windows navigation start.wav
2006-09-01 07:47 20336 --a--c--- C:\WINDOWS\ie8\windows information bar.wav
2006-09-01 07:43 54197 --a--c--- C:\WINDOWS\ie8\ieakmmc.chm
((((((((((((((((((((((((((((( snapshot@2008-05-08_16.33.32.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 20:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 05:03:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-08 15:52:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 01:45:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-08 15:52:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-09 01:45:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-08 15:52:52 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 01:45:38 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1}]
C:\WINDOWS\system32\qoMfeffD.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"combofix"="C:\WINDOWS\system32\CF14653.exe" [2004-08-04 03:56 388608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wtrn"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\fast.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 1 (0x1)
"Mn@mlrf"= 1 (0x1)
"MnOndNeg"= 1 (0x1)
"MnQtm"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-04-11 07:42 2075584 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2004-11-30 11:00 135168 C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 01:00 45056 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 18:10 16384 C:\WINDOWS\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-10 13:00 41984 C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 18:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
--a------ 2005-01-11 22:09 2572288 C:\Program Files\Hello\Hello.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
--------- 2005-06-16 18:25 49152 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-03-01 19:55 4865600 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--------- 2005-07-11 11:34 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2005-06-10 09:43 1095680 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 20:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2a\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2a\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-04-20 08:44]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-14 16:50]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [2008-04-10 11:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 17:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 22:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 05:56:11 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-05-01 05:01:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-05-09 05:06:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 01:08:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
.
**************************************************************************
.
Completion time: 2008-05-09 1:21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 05:20:35
ComboFix2.txt 2008-05-08 20:35:05
Pre-Run: 50,857,525,248 bytes free
Post-Run: 50,912,382,976 bytes free
1715 --- E O F --- 2008-05-02 04:44:38
Rorschach112
2008-05-09, 20:49
Hello
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also post a new HijackThis log
snowman101178
2008-05-10, 01:53
Malwarebytes' Anti-Malware 1.12
Database version: 737
Scan type: Quick Scan
Objects scanned: 37905
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\LocalService\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.
Logfile of HijackThis v1.99.1
Scan saved at 6:52:46 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1} - C:\WINDOWS\system32\qoMfeffD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Rorschach112
2008-05-10, 02:06
Hello
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O2 - BHO: (no name) - {0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1} - C:\WINDOWS\system32\qoMfeffD.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Reboot and post a new HijackThis log and tell me how your PC is running
snowman101178
2008-05-10, 02:59
Malwarebytes' Anti-Malware 1.12
Database version: 737
Scan type: Quick Scan
Objects scanned: 37905
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\LocalService\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.
Logfile of HijackThis v1.99.1
Scan saved at 7:59:03 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0C2EC0AC-8F8D-4411-BE76-CF4BB88194F1} - C:\WINDOWS\system32\qoMfeffD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
snowman101178
2008-05-10, 03:02
opps sorry disreguard the last post.....here is the last HIJACK after deleting those 3 files
Logfile of HijackThis v1.99.1
Scan saved at 8:01:52 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176414129109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177284942609
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Rorschach112
2008-05-10, 03:12
Your logs are clean ! We need to do a few things
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
snowman101178
2008-05-10, 05:27
Thank you sooooooo much for your help in this matter, i cant say that enough......Brian
Rorschach112
2008-05-10, 14:37
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.