View Full Version : Infected With Virtumonde
I have run Spybot and it keeps finding virtumonde. Ten days ago, I installed Amazon's MP3 Downloader and began downloading music files. Virtumonde showed up 3 days ago.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:22 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Doug\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5517f2dc-b6dc-44ff-9343-10b5aae0d75f} - C:\WINDOWS\system32\jopiroka.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\tohuzeno.dll",b
O4 - HKLM\..\Run: [CPM6b5cbd17] Rundll32.exe "c:\windows\system32\rukamuwe.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gmbuypower.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {11db1696-ff76-4f60-9261-82a711be6de5} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\redivipo.dll c:\windows\system32\namiviko.dll c:\windows\system32\rukamuwe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rukamuwe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rukamuwe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\system32\srvdpi.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Doug/My%20Documents/My%20Web%20Page/Images/Teton.jpg
--
End of file - 10699 bytes
pskelley
2008-11-28, 13:33
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.
You have a nasty infection, if you still need help, proceed like this.
1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
2) You are running two antivirus programs at the same time and this is not a good thing.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
Symantec and AVG 8 <<< uninstall one of those before you post another HijackThis log.
3) Appears the directions were not read, HJT is located unsafely. Follow these instructions to fix that.
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< close HJT until needed later.
4) Post an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5) http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Post the C:\rapport.txt amd the uninstall list.
Thanks
Thank you an your colleagues for helping us fix our infected computers.
2) You are running two antivirus programs...
Over a year ago, when I switched from Norton Antivirus to AVG, I uninstalled Norton. When I went to uninstall the Live Update Notice, I got a message telling me that some Norton components were still on my computer and Live Update should not be removed while these Norton components remained on my computer.
Today, I went ahead and uninstalled the Live Update Notice. It still remained on the Add and Remove list. I uninstalled it again and received the message "Fatal error during installation" but it was removed from the Add and Remove list. I rebooted.
When I created the uninstall list that you asked for, I noticed an item, Symantec KB-DocID:2003093015493306. I then went to Control Panel and displayed the Add and Remove list and that item did not show up.
I have correctly installed HiJackThis and noticed that there are still residual items related to Symantec (Norton) and I do not know how to remove these.
I have disabled TeaTimer.
Here is the uninstall list. I will post rapport.txt in a separate reply.
1st Pricing
AAA Map'n'Go 6.0
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.3
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
AVG 8.0
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
C-Major Audio
DeLorme Phone Data 2009
DeLorme Street Atlas USA 2006
DeLorme Street Atlas USA 2006 Data
DeLorme Street Atlas USA 2009 Plus
DeLorme Topo USA 6.0
DeLorme Topo USA 6.0 DVD Data
DVD-RAM Driver
FastStone Image Viewer 3.4
Google Earth
Google Toolbar for Internet Explorer
Hawking Hi-Gain Wireless-G USB Dish Adapter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Solution Center 7.0
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player 8
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Access 2000 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Broadband Drivers
Mobile Protégé
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyConnect Special Offer
Network Stumbler 0.4.0 (remove only)
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
Ositech DPI Assistant
Ositech Retail PILOT
Pawn 2
PlayLinc
Quicken Deluxe 2000
QuickTime
RealPlayer Basic
RVer's Notebook
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SmartFTP Client
SmartFTP Client 2.0 Setup Files (remove only)
SmartFTP Client 3.0 Setup Files (remove only)
Sonic DLA
Sonic RecordNow!
Sony Picture Utility
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Starry Night Backyard 4
Street Atlas USA 8.0
Symantec KB-DocID:2003093015493306
TextPad 4
TomTom HOME
Topo USA 2.0
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Q4 Retail Demo ScreenSaver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA TouchPad On/Off Utility V2.05.01
TOSHIBA Utilities
TOSHIBA Zooming Utility
TotalAccess Smart Installer
TurboCAD Deluxe v11.2
TurboCAD Symbols
U.S. Military Campgrounds Directory
U.S. Military Campgrounds Directory
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VC_MergeModuleToMSI
Verizon Broadband Toolbar
Verizon Online Help & Support
Verizon Servicepoint 1.3.21
Viewpoint Media Player
VZAccess Manager
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wise-FTP
Yahoo! Music Engine
SmitFraudFix v2.378
Scan done at 10:29:42.81, Fri 11/28/2008
Run from C:\Documents and Settings\Doug\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Doug\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doug
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Doug\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doug\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Doug\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Google\googletoolbar1.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/Documents%20and%20Settings/Doug/My%20Documents/My%20Web%20Page/Images/Teton.jpg"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/Doug/My%20Documents/My%20Web%20Page/Images/Teton.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll C:\\WINDOWS\\system32\\redivipo.dll c:\\windows\\system32\\namiviko.dll c:\\windows\\system32\\rukamuwe.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
pskelley
2008-11-28, 19:04
Thanks for returning this information, looking at the uninstall list first.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Reader 7.0.9 <<< out of date and being exploited, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows
http://www.foxitsoftware.com/pdf/rd_intro.php
J2SE Runtime Environment 5.0 Update 4
Out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
Spybot - Search & Destroy 1.4 <<< uninstall this old version
Viewpoint Media Player <<< suggested uninstall, see this:
For your information, Viewpoint is installed by aol probably without your knowledge.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
Thanks for returning your information, After we clean, in the next C:\rapport.txt, there may be a very large hosts file
(items starting with 127.0.0.1) and I do not need to see it. Edit (remove) it from the C:\rapport.txt before you post it.
Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
Post the C:\rapport.txt and a new HJT log.
Thanks
I uninstalled Spybot - Search & Destroy 1.4 but that deleted the only shortcut I had on my desktop and the shortcut I had in my Spybot folder in the All Programs list. The Spybot folder in the Program Files folder contains several *.exe files but I am unable to determine which is the correct one.
I uninstalled Viewpoint Media Player.
The rapport.txt file contained only on line starting with 127.0.0.1 and I left it in the file.
During SmitfraudFix, there was no reference to wininet.dll
It was unclear if I should remain in Safe Mode to run HiJackThis so I rebooted into Normal mode and ran HJT.
Since becoming infected with Virtumonde, at the end of bootup, I have have had 2 popup RUNDLL windows:
Error loading C:\Windows\system32\balgyenu.dll
and
Error loading C:\Windows\system32\tohuzeno.dll
I still have these popup windows.
SmitFraudFix v2.378
Scan done at 13:38:38.23, Fri 11/28/2008
Run from C:\Documents and Settings\Doug\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Google\googletoolbar1.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{15BC8749-047F-428A-B33B-9C3D02D1D798}: DhcpNameServer=192.168.0.1 192.168.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\rukamuwe.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:30, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5517f2dc-b6dc-44ff-9343-10b5aae0d75f} - C:\WINDOWS\system32\jopiroka.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\tohuzeno.dll",b
O4 - HKLM\..\Run: [CPM6b5cbd17] Rundll32.exe "c:\windows\system32\rukamuwe.dll",a
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gmbuypower.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {11db1696-ff76-4f60-9261-82a711be6de5} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\redivipo.dll c:\windows\system32\namiviko.dll c:\windows\system32\rukamuwe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rukamuwe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rukamuwe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\system32\srvdpi.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9255 bytes
Since I cannot edit my posts, the following line
Error loading C:\Windows\system32\balgyenu.dll
should read
Error loading C:\Windows\system32\balayenu.dll
pskelley
2008-11-28, 21:53
I uninstalled Spybot - Search & Destroy 1.4 but that deleted the only shortcut I had on my desktop and the shortcut I had in my Spybot folder in the All Programs list. The Spybot folder in the Program Files folder contains several *.exe files but I am unable to determine which is the correct one.
To be safe, uninstall everything and download it fresh from here:
Please be sure Spybot S&D is up to date and fully immunized.
Spybot-S&D 1.6 has arrived! 8. July 2008
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
You still have old Symantec running that needs to be uninstalled:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
If you can't uninstall, Symantec makes this tool available.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
You may wait until we remove the malware if you wish, I understand it is hard to do stuff with that junk on the computer.
You may remove (delete) Smitfraudfix, we are finished with that tool.
I should say that I still see the old Java program in this latest HJT log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks
J2SE Runtime Environment 5.0 Update 4
Out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
When I go to the link above, it directs me to a website to download Java Runtime Environment (JRE) SE 6 Update 7. When I go there, the only Java Runtime Environment (JRE) SE 6 Update 7 is for the Intel Itanium, which I don't have. So I selected download for Java SE Runtime Environment (JRE) 6 Update 10. When I do this, it asks me for a platform. I don't know whether to select Windows or Windows x64.
pskelley
2008-11-28, 23:34
Skip the Java installation for now, complete the balance of the instructions.
I have been using my wife's laptop to perform tasks that required Internet access, such as using this forum and downloading files. I have been transferring files between computers using a flash memory (USB memory stick). Now, my wife's computer won't display Internet Explorer. When I attempt to start IE, the hourglass appears for a few seconds as if it is loading, but nothing shows up on the screen or the taskbar. If I go to Windows Task Manager, I can see IE on the list of processes. If I try several times to start IE, I can see more than on IE item on the list of processes.
I will continue with your instructions on my computer.
You still have old Symantec running that needs to be uninstalled:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
If you can't uninstall, Symantec makes this tool available.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
When I go to the above link, it wants to know the version of the original Norton product that was installed on my computer and the Product Key. Since I uninstalled this maybe two years ago, I do not have this information.
Also, on my wife's computer, TeaTimer was using 99% of CPU time so I disabled TeaTimer on that computer.
ComboFix 08-11-28.02 - Doug 2008-11-28 17:46:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1555 [GMT -6:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\index.dat
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\windows\system32\folopaga.dll
c:\windows\system32\mst120.dll
c:\windows\system32\neyivobu.dll
c:\windows\system32\ogoputow.ini
c:\windows\system32\rukamuwe.dll
c:\windows\system32\sofofuhi.dll
c:\windows\system32\uboviyen.ini
c:\windows\system32\vekesuwo.dll
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.
2008-11-28 13:31 . 2005-11-14 19:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-11-28 13:31 . 2005-11-14 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-11-28 13:31 . 2005-11-14 18:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2008-11-28 13:31 . 2005-11-14 19:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-11-28 13:31 . 2007-01-15 19:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-11-28 13:31 . 2008-11-28 13:31 <DIR> d-------- c:\documents and settings\Administrator
2008-11-28 10:29 . 2008-11-28 13:39 2,542 --a------ c:\windows\system32\tmp.reg
2008-11-28 09:56 . 2008-11-28 09:56 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 13:04 . 2008-11-28 17:46 <DIR> d-------- c:\program files\Common
2008-11-24 17:10 . 2008-11-24 17:10 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 17:10 . 2008-11-24 17:10 1,409 --a------ c:\windows\QTFont.for
2008-11-16 19:17 . 2008-11-16 19:17 <DIR> d-------- c:\documents and settings\Doug\Application Data\Amazon
2008-11-16 19:16 . 2008-11-16 19:16 <DIR> d-------- c:\program files\Amazon
2008-11-12 07:41 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:41 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 19:39 --------- d-----w c:\program files\Google
2008-11-28 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-28 19:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 15:26 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-28 15:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 14:16 --------- d-----w c:\program files\FastStone Image Viewer
2008-11-06 13:21 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-30 12:08 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-01 11:46 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-06-05 03:21 94 ----a-w c:\documents and settings\Doug\Application Data\wklnhst.dat
2006-11-03 20:57 0 ----a-w c:\documents and settings\Doug\remote.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-30 20:45:08 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 196,608 2004-03-24 06:40:42 c:\program files\Apoint2K\bak\Apoint.exe
----a-w 68,856 2007-06-14 11:18:44 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 49,152 2006-02-19 06:41:10 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 98,304 2005-11-15 01:00:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 122,880 2005-04-27 00:13:20 c:\program files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe
----a-w 126,976 2005-06-29 04:43:00 c:\program files\Toshiba\TouchED\bak\TouchED.Exe
----a-w 1,880,064 2006-02-01 22:33:38 c:\program files\Verizon\Servicepoint\bak\VerizonServicepoint.exe
----a-w 50,744 2005-05-23 17:20:28 c:\program files\Verizon Online\Help Support\bak\VERIZO~1.EXE
----a-w 151,552 2005-03-18 01:37:26 c:\toshiba\IVP\ISM\bak\pinger.exe
----a-w 245,760 2005-03-01 08:43:22 c:\windows\system32\bak\00THotkey.exe
----a-w 15,360 2004-08-04 12:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe
----a-w 77,824 2005-06-08 18:59:06 c:\windows\system32\bak\hkcmd.exe
----a-w 114,688 2005-06-08 19:03:08 c:\windows\system32\bak\igfxpers.exe
----a-w 94,208 2005-06-08 19:02:22 c:\windows\system32\bak\igfxtray.exe
----a-w 122,941 2005-05-31 13:33:00 c:\windows\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Wise-FTP Scheduler"="c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe" [2003-08-29 1246720]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"yapuhayuyu"="c:\windows\system32\balayenu.dll" [N/A]
"686f8e8b"="c:\windows\system32\tohuzeno.dll" [N/A]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [N/A]
"000StTHK"="000StTHK.exe" [2001-06-23 06:28 24576 c:\windows\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [2005-08-09 c:\windows\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-08-09 c:\windows\system32\TPSODDCtl.exe]
"TFNF5"="TFNF5.exe" [2004-12-15 c:\windows\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" [N/A]
"NDSTray.exe"="NDSTray.exe" [N/A]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]
"Wise-FTP Scheduler"="" [N/A]
c:\documents and settings\Doug\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 59080]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-21 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2006-03-20 36864]
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2007-08-24 483328]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2006-03-20 36864]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-04-08 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-04-08 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-04-08 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-04-08 231704]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-03-20 34916]
R3 NWADI;NWADI Bus Enumerator;c:\windows\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2007-08-24 20608]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 otcsercb;Ositech Windows 2000 Modem Driver;c:\windows\system32\DRIVERS\otcserrt.sys [2006-03-22 60170]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-08-24 402432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae2d08d-fa75-11dc-8ce0-0011f5e4e045}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{5517f2dc-b6dc-44ff-9343-10b5aae0d75f} - c:\windows\system32\jopiroka.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 17:50:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\acs.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\SRVDPI.EXE
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgtray.exe
.
**************************************************************************
.
Completion time: 2008-11-28 17:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 23:54:58
Pre-Run: 11,058,401,280 bytes free
Post-Run: 11,383,590,912 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
194 --- E O F --- 2008-11-12 20:21:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:24, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\tohuzeno.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gmbuypower.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\system32\srvdpi.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8539 bytes
pskelley
2008-11-29, 01:39
First let me say I can help with one computer at a time. If you have issues with another computer, my suggestion would be to wait until this one is running as it should, then start a new topic AFTER following "Before you Post" instructions.
Now that I have the combofix log, I can see that you have a very bad infection calld AWF that infects your programs. The last thing I would suggest, but it is probably to late now, would be to put that flash memory in the infected computer and then in an uninfected computer. You have likely infected it. We will disinfect that flash drive at some point, but now we must concentrate on this infection.
http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Agent.awf&threatid=70517
http://www.google.com/search?hl=en&q=Trojan.AWF+&btnG=Google+Search&aq=f&oq=
combofix will usually repair that infection, if it does not there is a very complex manual removal, so keep your fingers crossed!
Please read and follow these instructions carefully and in the numbered order. Please take the time you need to be careful, do not rush with complex instructions.
1) Disable the Service
Click Start > Run and type services.msc
Scroll down to Symantec Core LC and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
3) Open notepad and copy/paste the text in the codebox below into it:
AWF::
c:\toshiba\IVP\ISM\bak\pinger.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Apoint2K\bak\Apoint.exe
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe
c:\program files\Toshiba\TouchED\bak\TouchED.Exe
c:\program files\Verizon\Servicepoint\bak\VerizonServicepoint.exe
c:\program files\Verizon Online\Help Support\bak\VERIZO~1.EXE
c:\windows\system32\bak\00THotkey.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\dla\bak\tfswctrl.exe
File::
C:\WINDOWS\system32\balayenu.dll
C:\WINDOWS\system32\tohuzeno.dll
Folder::
C:\Program Files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Symantec
Save this as CFScript
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\tohuzeno.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe G
Close all programs but HJT and all browser windows, then click on "Fix Checked"
5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
6) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
How is the computer running?
Thanks
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\balayenu.dll",s
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\tohuzeno.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe G
Close all programs but HJT and all browser windows, then click on "Fix Checked"
None of these items were in the resulting HJT file. I went ahead and ran the ATF Cleaner and Malwarebytes' Anti-Malware.
Here is the "Do A System Scan Only" HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:02, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\system32\srvdpi.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
--
End of file - 7783 bytes
This file is more than 64000 characters so I had to break it up into 2 parts.
ComboFix 08-11-28.02 - Doug 2008-11-28 19:01:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1593 [GMT -6:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\balayenu.dll
c:\windows\system32\tohuzeno.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{19967128-02CD-4234-B504-C4BACD1946B1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{19967128-02CD-4234-B504-C4BACD1946B1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{32FCEE0F-371C-4736-9E59-4FDB3B70B1AB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{32FCEE0F-371C-4736-9E59-4FDB3B70B1AB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{38174548-B228-45CB-A028-D1D04E976E9A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{38174548-B228-45CB-A028-D1D04E976E9A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{4C973D87-0F68-4024-9F39-4C585F178CD5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{4C973D87-0F68-4024-9F39-4C585F178CD5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{54F1FFF5-C0B7-4057-B9CA-C5F6A8F5CDD9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{54F1FFF5-C0B7-4057-B9CA-C5F6A8F5CDD9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{7015A076-9FD8-4C61-8283-A62837C52B74}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{7015A076-9FD8-4C61-8283-A62837C52B74}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{76669C6A-D540-40FA-9A49-62FDAF8910C1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{76669C6A-D540-40FA-9A49-62FDAF8910C1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{A4510CEE-193D-48E9-B3CE-3FDD0C43C4AA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{A4510CEE-193D-48E9-B3CE-3FDD0C43C4AA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{D8CBC06F-E260-41F3-A953-96DB3AA52B8E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{D8CBC06F-E260-41F3-A953-96DB3AA52B8E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{D993DC47-166B-40B5-BA64-45638414761B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{D993DC47-166B-40B5-BA64-45638414761B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{E6111D84-8B67-48E7-AE2D-BCAC1296054B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{E6111D84-8B67-48E7-AE2D-BCAC1296054B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{EFBB1AF5-001B-49BA-8323-6A9C3EB810E0}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{EFBB1AF5-001B-49BA-8323-6A9C3EB810E0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{1444375A-AC76-423C-ACEC-7E4BE9B73998}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{1444375A-AC76-423C-ACEC-7E4BE9B73998}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{2290AEF7-FC47-4048-B4F7-8680FDC6A349}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{2290AEF7-FC47-4048-B4F7-8680FDC6A349}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{35E87F25-5A09-46E0-8BB1-999F58923AAD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{35E87F25-5A09-46E0-8BB1-999F58923AAD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{98556BD4-CD55-4B75-AD11-CF01C1988B55}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{98556BD4-CD55-4B75-AD11-CF01C1988B55}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{B6363433-D8F3-4678-8782-F3318833E95D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{B6363433-D8F3-4678-8782-F3318833E95D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{BEB94145-E094-462A-B68E-DB0A09CCAE63}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{1FDB3E28-766C-4290-B4AD-4E481392C1C0}\{BEB94145-E094-462A-B68E-DB0A09CCAE63}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{08BAF9FE-BDDF-461D-8A11-CDFB2902D9C9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{08BAF9FE-BDDF-461D-8A11-CDFB2902D9C9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{300B2F9C-2782-47A7-8AC4-EDB05F9C7E5E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{300B2F9C-2782-47A7-8AC4-EDB05F9C7E5E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{3CEE2671-5D96-45DB-9F46-9F6D8054DEC6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{3CEE2671-5D96-45DB-9F46-9F6D8054DEC6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{4B3469AE-3870-403F-A607-4FD909BDF115}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{4B3469AE-3870-403F-A607-4FD909BDF115}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{4B6EA979-9BAF-43B6-9639-16367ADDFC2C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{4B6EA979-9BAF-43B6-9639-16367ADDFC2C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{5BFF266B-F998-432F-A098-FED1491FB23F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{5BFF266B-F998-432F-A098-FED1491FB23F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{6FC189CF-186C-440D-80FA-F27B6791D7B5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{6FC189CF-186C-440D-80FA-F27B6791D7B5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{7449F576-DC6B-4148-BDBF-F32C2836B089}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{7449F576-DC6B-4148-BDBF-F32C2836B089}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{7D410977-2194-4F00-8F5A-EA093A882447}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{7D410977-2194-4F00-8F5A-EA093A882447}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{B92DA6B7-0B10-4133-B744-8D5CE6B56A35}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{B92DA6B7-0B10-4133-B744-8D5CE6B56A35}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{BFE91FD5-E21C-4550-B3E9-260977EAF351}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{BFE91FD5-E21C-4550-B3E9-260977EAF351}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{C8FCBBB2-FE7B-48E5-AD78-AEB559644786}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{C8FCBBB2-FE7B-48E5-AD78-AEB559644786}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{C98E846E-1DB0-489E-A84E-2A7C00E4489B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{C98E846E-1DB0-489E-A84E-2A7C00E4489B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{D997A155-5332-4E32-8C1A-25A402C628F7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{D997A155-5332-4E32-8C1A-25A402C628F7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{DB3FD0E3-DC1A-46E1-B26F-67B36046C57D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{DB3FD0E3-DC1A-46E1-B26F-67B36046C57D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{DD3D0A8A-5796-494A-97AE-9C68C343478E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{DD3D0A8A-5796-494A-97AE-9C68C343478E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{E3832867-A144-4ABF-94C3-B40BBEF6210E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{E3832867-A144-4ABF-94C3-B40BBEF6210E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{E6A885FA-946E-4932-B09F-3A530EF1005E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{248BD00C-819B-4D52-98F8-43F527BEEF17}\{E6A885FA-946E-4932-B09F-3A530EF1005E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{05EB4F1D-A1ED-4B78-852F-8443EBAE8BDD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{05EB4F1D-A1ED-4B78-852F-8443EBAE8BDD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{59983C03-8D4C-49B6-8E2B-75FE2D40C452}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{59983C03-8D4C-49B6-8E2B-75FE2D40C452}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{59A15A9F-AC3A-4F1D-B60B-81D8832A6D21}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{59A15A9F-AC3A-4F1D-B60B-81D8832A6D21}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{5AD62CC5-BB17-4599-902A-9209B73E996E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{5AD62CC5-BB17-4599-902A-9209B73E996E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{60D88888-EBB4-4DD1-A5DE-FDD253486FBF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{60D88888-EBB4-4DD1-A5DE-FDD253486FBF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{63CAB070-7BA2-4613-BA03-8B9F02E09F28}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{63CAB070-7BA2-4613-BA03-8B9F02E09F28}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{66AC9541-FA70-4088-A4CA-73BAC2629962}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{66AC9541-FA70-4088-A4CA-73BAC2629962}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{9386D642-2A93-4541-8C3C-7D89F59F123D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{9386D642-2A93-4541-8C3C-7D89F59F123D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{981812E0-9530-4558-B276-56DCB86F0D31}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{981812E0-9530-4558-B276-56DCB86F0D31}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{A1B0F044-31C7-40F6-98DF-69F229498F58}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{A1B0F044-31C7-40F6-98DF-69F229498F58}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{A33D7E0D-CC41-4CAD-8539-E9462EF92E3A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{A33D7E0D-CC41-4CAD-8539-E9462EF92E3A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{ABEE491A-D2F3-4369-8051-CE4A7F8CB169}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{ABEE491A-D2F3-4369-8051-CE4A7F8CB169}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{B9216D94-D8C8-425C-A08B-0BF678A42777}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{B9216D94-D8C8-425C-A08B-0BF678A42777}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{BB3B67FB-3039-4551-913D-57FAA24FA221}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{BB3B67FB-3039-4551-913D-57FAA24FA221}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{BDBAD692-5EEC-4C7C-BA34-75814BD3B6A1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{BDBAD692-5EEC-4C7C-BA34-75814BD3B6A1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{D18B4D38-042D-4B59-8EDC-E151CF62A44D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{D18B4D38-042D-4B59-8EDC-E151CF62A44D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{D5F46E75-6971-4C09-95F5-6E94EB829EBF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{D5F46E75-6971-4C09-95F5-6E94EB829EBF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{E79EA36F-B22C-4885-8803-C6E10C63404E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{E79EA36F-B22C-4885-8803-C6E10C63404E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{FED17399-B41B-41A1-A41D-9FB23DD55C7C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{33BAF487-C387-4552-8914-CBC0EEF03EF3}\{FED17399-B41B-41A1-A41D-9FB23DD55C7C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{053663F7-5A11-4176-B6F6-54F8280C5B23}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{053663F7-5A11-4176-B6F6-54F8280C5B23}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{07AC1B2D-3867-481B-933E-F1B723E8ED61}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{07AC1B2D-3867-481B-933E-F1B723E8ED61}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3E3BAAAE-AC4A-4403-9972-81F9608BB864}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3E3BAAAE-AC4A-4403-9972-81F9608BB864}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3E98B65E-ACF8-445D-BFE5-769155246FF8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3E98B65E-ACF8-445D-BFE5-769155246FF8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3FDE1805-359F-4409-84F1-F8F22D7A070D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{3FDE1805-359F-4409-84F1-F8F22D7A070D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{41CBB13A-D615-49B5-9123-8062845AF1F8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{41CBB13A-D615-49B5-9123-8062845AF1F8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{5DDD52A6-4A79-4361-9D4C-D0673F8F58CC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{5DDD52A6-4A79-4361-9D4C-D0673F8F58CC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{6747DEED-1AB3-4D97-87A6-102543873538}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{6747DEED-1AB3-4D97-87A6-102543873538}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{78C25674-EC01-42F5-A844-CBD2E7621191}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{78C25674-EC01-42F5-A844-CBD2E7621191}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{8B8B414C-A5D2-4A60-A2C3-0DE9F3CC532C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{8B8B414C-A5D2-4A60-A2C3-0DE9F3CC532C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{99D11159-56F8-4D1A-8610-F87CE40E1055}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{99D11159-56F8-4D1A-8610-F87CE40E1055}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{9F7BC9F1-0F1E-4AFB-B1B3-15467611572E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{9F7BC9F1-0F1E-4AFB-B1B3-15467611572E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{BF795BF3-0F16-4864-B553-1EFEC9C5AB34}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{BF795BF3-0F16-4864-B553-1EFEC9C5AB34}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{C77BD1F6-6448-48A0-8A20-BC7BD289795A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{C77BD1F6-6448-48A0-8A20-BC7BD289795A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{C839F4DA-6AD4-4BA7-903D-0DBBB5B3DD6C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{C839F4DA-6AD4-4BA7-903D-0DBBB5B3DD6C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{F3D5E3B7-1D0F-4663-8196-0B799F5ACC4F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{F3D5E3B7-1D0F-4663-8196-0B799F5ACC4F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{FB5766A1-4B58-498A-A677-110271D631CB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{3CFB5C28-B0FB-4166-9348-D2B89D7693CB}\{FB5766A1-4B58-498A-A677-110271D631CB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{35EFACC9-6BB4-463C-9EA7-9488C8EF9EB8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{35EFACC9-6BB4-463C-9EA7-9488C8EF9EB8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{509F24EB-C2CE-4D75-A89A-A9183ED62492}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{509F24EB-C2CE-4D75-A89A-A9183ED62492}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{597ABFAF-7AB8-4266-8530-2DFAC04A3618}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{597ABFAF-7AB8-4266-8530-2DFAC04A3618}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{6855F5D5-C0E9-450F-97C4-697AD8AB3870}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{6855F5D5-C0E9-450F-97C4-697AD8AB3870}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{75C71F03-A1C2-4ECC-BF73-1A865D851662}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{75C71F03-A1C2-4ECC-BF73-1A865D851662}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{86969F85-EEC6-44FC-8B7E-4CBBE7CC61F6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{86969F85-EEC6-44FC-8B7E-4CBBE7CC61F6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{920ABC23-E069-4A48-9450-505AD4FDC0FC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{920ABC23-E069-4A48-9450-505AD4FDC0FC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{ECBD5477-A66F-4B49-B214-51378FCAC0E2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{ECBD5477-A66F-4B49-B214-51378FCAC0E2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{ED265A9F-C64A-4751-9DB7-7D2454432734}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{ED265A9F-C64A-4751-9DB7-7D2454432734}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{FE893E43-177E-457C-8428-901349E4DF21}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46C3D0F7-6E5D-43D9-85AE-2220841A7D98}\{FE893E43-177E-457C-8428-901349E4DF21}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{0FD52EFB-5F3E-4F19-9D63-BE93398EEDEB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{0FD52EFB-5F3E-4F19-9D63-BE93398EEDEB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{1690816D-1626-4169-A5CD-764CD9CA5220}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{1690816D-1626-4169-A5CD-764CD9CA5220}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{1BFF11A1-D4DC-4BCB-83A2-3DF9949D85E4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{1BFF11A1-D4DC-4BCB-83A2-3DF9949D85E4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{208FB0C2-E67B-4C7B-8F53-3C13FE52FE3E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{208FB0C2-E67B-4C7B-8F53-3C13FE52FE3E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{2AD18EE8-1FC3-4D29-9F45-886EDC4A8CF8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{2AD18EE8-1FC3-4D29-9F45-886EDC4A8CF8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{456F36E5-D87F-470E-9C01-313C7F9FAF29}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{456F36E5-D87F-470E-9C01-313C7F9FAF29}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{56BFC4F3-F102-45DB-AED4-7E2DEFF8DFA7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{56BFC4F3-F102-45DB-AED4-7E2DEFF8DFA7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{601425D3-3492-4208-9424-B9D01D22AFAC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{601425D3-3492-4208-9424-B9D01D22AFAC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{655A3812-F603-465C-9B9F-16B006D9306D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{655A3812-F603-465C-9B9F-16B006D9306D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{92963BDC-E65A-4824-AFB5-5399800C97DA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{92963BDC-E65A-4824-AFB5-5399800C97DA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{9618AE63-B3CD-4530-B5E5-DD378E33846D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{9618AE63-B3CD-4530-B5E5-DD378E33846D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{9BAEAD22-6CF6-41F3-AF95-DE30823BC3E5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{9BAEAD22-6CF6-41F3-AF95-DE30823BC3E5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{A3CFA5F9-2045-4351-BDEC-073C29E980CF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{A3CFA5F9-2045-4351-BDEC-073C29E980CF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{D18003C9-E2DD-402D-B3F0-A2237FE49166}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{49B54FE6-A68D-4E26-A5B7-FF20A6CDAA2A}\{D18003C9-E2DD-402D-B3F0-A2237FE49166}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{149B77A8-E0AC-4C69-9D30-518C75098BB6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{149B77A8-E0AC-4C69-9D30-518C75098BB6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{15A07147-C752-4766-BA9E-C0853D27687F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{15A07147-C752-4766-BA9E-C0853D27687F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{1E848A84-7EAA-4B36-BC26-DB14563C6A8B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{1E848A84-7EAA-4B36-BC26-DB14563C6A8B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{1EB61458-02BC-4E94-ABD7-9848F47F38E4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{1EB61458-02BC-4E94-ABD7-9848F47F38E4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{206AA6E5-4D82-4FDA-A066-7C8DF6EAD43C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{206AA6E5-4D82-4FDA-A066-7C8DF6EAD43C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{35955875-849C-4339-A783-ADD21CCDA455}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{35955875-849C-4339-A783-ADD21CCDA455}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{8B458BA4-25C3-4082-B38B-4392703509DD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{8B458BA4-25C3-4082-B38B-4392703509DD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{972401FD-D52A-4E1B-B628-45FE74267D80}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{972401FD-D52A-4E1B-B628-45FE74267D80}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{AB42939E-4829-41C7-8E37-236E8B57B422}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{AB42939E-4829-41C7-8E37-236E8B57B422}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{B6199935-7AF5-4344-82BD-7D4874FCA87A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{B6199935-7AF5-4344-82BD-7D4874FCA87A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{D160AD48-B029-4872-AD42-7D704C27991C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{D160AD48-B029-4872-AD42-7D704C27991C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{DE407C71-4CF1-4A05-A205-CFEB9F315926}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{DE407C71-4CF1-4A05-A205-CFEB9F315926}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{E62CBB8E-3D07-47A5-83CD-92BFF038A88F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{E62CBB8E-3D07-47A5-83CD-92BFF038A88F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{F3EC9631-24A6-4728-8B01-1B65ADA5582F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{F3EC9631-24A6-4728-8B01-1B65ADA5582F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{F9137065-5E33-40C1-8E37-2ED80D7E223F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{8C991876-00CB-4BE8-A334-A0D4E8DA52BA}\{F9137065-5E33-40C1-8E37-2ED80D7E223F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{2E8F8194-83DB-4A66-99A3-335DA816A98D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{2E8F8194-83DB-4A66-99A3-335DA816A98D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{2F6BCB40-8084-45E3-ACD3-ECEC7F060D0F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{2F6BCB40-8084-45E3-ACD3-ECEC7F060D0F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{3C995B71-4B66-4D27-A786-C4637F1CD97D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{3C995B71-4B66-4D27-A786-C4637F1CD97D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{780CD0A6-7CA9-4BD1-B201-282FD3120B05}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{780CD0A6-7CA9-4BD1-B201-282FD3120B05}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{A146B8CE-465B-41FE-8581-1114968DEF52}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{A146B8CE-465B-41FE-8581-1114968DEF52}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{AA87895A-7E9B-403A-B3FF-F02E5159F768}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{AA87895A-7E9B-403A-B3FF-F02E5159F768}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{D2987765-1A4D-4835-A758-A52C83516495}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{D2987765-1A4D-4835-A758-A52C83516495}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{EF233EFD-AC9C-4CD5-804E-3A4900566560}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{EF233EFD-AC9C-4CD5-804E-3A4900566560}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{F7A2FE98-AE1B-43E3-BDE9-75176E9C7FFF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{F7A2FE98-AE1B-43E3-BDE9-75176E9C7FFF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{FB21C5A7-998C-40F7-839B-7E4CBD7D4F6A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{9032E94E-19A8-47EE-8B1E-40B6EFD86FC4}\{FB21C5A7-998C-40F7-839B-7E4CBD7D4F6A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{08D8A891-D961-4105-BA48-560F5C7E3FE4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{08D8A891-D961-4105-BA48-560F5C7E3FE4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{287F1B0C-6F2E-4327-AB2C-68735D6C8F5D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{287F1B0C-6F2E-4327-AB2C-68735D6C8F5D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{3DB39DC0-905B-4B16-89E7-6BE688DFCF25}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{3DB39DC0-905B-4B16-89E7-6BE688DFCF25}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{3FDD4E3A-2CF1-4465-9315-8897A99555AD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{3FDD4E3A-2CF1-4465-9315-8897A99555AD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{4861E275-4987-4DD5-89AE-7A4FFEC3AD03}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{4861E275-4987-4DD5-89AE-7A4FFEC3AD03}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{552E3DCB-BA02-4634-883E-E72DEE064DB1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{552E3DCB-BA02-4634-883E-E72DEE064DB1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{62100BC0-D0EB-4B31-9B72-0D103A9DAF28}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{62100BC0-D0EB-4B31-9B72-0D103A9DAF28}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{79EA6126-8DD0-4D95-B07E-46A4B18106FF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{79EA6126-8DD0-4D95-B07E-46A4B18106FF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{8B1BE540-D856-4612-A953-7D1F50B7ED06}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{8B1BE540-D856-4612-A953-7D1F50B7ED06}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{9EB71068-89E4-46E3-93A4-5AF6F2D4C0E2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{9EB71068-89E4-46E3-93A4-5AF6F2D4C0E2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{A3742F0C-E301-4FEA-99C5-C69E172B2692}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{A3742F0C-E301-4FEA-99C5-C69E172B2692}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{B3484DCE-D545-4B89-9A8D-DFBC0FFD2590}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{B3484DCE-D545-4B89-9A8D-DFBC0FFD2590}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{B83C9612-276F-4662-A23D-31C849872FDD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{B83C9612-276F-4662-A23D-31C849872FDD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{E34253CC-BF26-4FA8-8D7F-F4A0EC0E6C82}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{E34253CC-BF26-4FA8-8D7F-F4A0EC0E6C82}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{EDF9169B-E75B-47D7-889F-36EC5CE30126}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{EDF9169B-E75B-47D7-889F-36EC5CE30126}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{F970ED3F-357C-4C8D-8972-3C9E9DBC69D9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A788CDDF-8EFD-4305-BF50-D0BE730297BA}\{F970ED3F-357C-4C8D-8972-3C9E9DBC69D9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{193BAAE1-3F74-431E-8D67-31E7827C655E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{193BAAE1-3F74-431E-8D67-31E7827C655E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{2349150B-5FC2-4873-B7D3-10CC1ABFBD71}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{2349150B-5FC2-4873-B7D3-10CC1ABFBD71}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{4032B1CE-2891-4128-8A42-18D51ED3FA14}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{4032B1CE-2891-4128-8A42-18D51ED3FA14}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{57256DA2-9734-4EF7-9FD3-AB212DC60494}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{57256DA2-9734-4EF7-9FD3-AB212DC60494}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{6F22D334-78E7-496E-8871-14C7323091A6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{6F22D334-78E7-496E-8871-14C7323091A6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{78077437-1DD8-438B-8A69-C211A6BB841E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{78077437-1DD8-438B-8A69-C211A6BB841E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{D557C056-1614-4E2F-801F-051DCAA6C8A7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{D557C056-1614-4E2F-801F-051DCAA6C8A7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{DC20B7DB-F554-4EBB-85BE-C85523964C27}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{DC20B7DB-F554-4EBB-85BE-C85523964C27}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{F1D0B363-384B-4563-B21C-4A1C14BE93D0}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{F1D0B363-384B-4563-B21C-4A1C14BE93D0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{FFF863CD-6D99-4A9A-ADAF-AA26E27FFBDE}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{A8CF81E6-20B5-41CE-BF90-FDCABE00DBEE}\{FFF863CD-6D99-4A9A-ADAF-AA26E27FFBDE}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{0BE4CE7B-708E-4B71-B37C-5E9528F64B8F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{0BE4CE7B-708E-4B71-B37C-5E9528F64B8F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{2A22AD62-9108-4844-B113-1E5FC99BE5F2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{2A22AD62-9108-4844-B113-1E5FC99BE5F2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{67232543-F30F-4758-83E4-7BC5F507D42E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{67232543-F30F-4758-83E4-7BC5F507D42E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{95378D6E-3854-452F-A54E-634420CEAB9D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{95378D6E-3854-452F-A54E-634420CEAB9D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{A8FAAFC0-96E7-4547-9B8C-4D1E96390E1B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{A8FAAFC0-96E7-4547-9B8C-4D1E96390E1B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{DC86C6CA-3F15-4FCA-9C9C-962D49DE04B4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{DC86C6CA-3F15-4FCA-9C9C-962D49DE04B4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{F9536603-8894-4FDB-8037-0CC7DD1DA855}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{ACBFFE1E-9062-4A63-8A8A-3B463F36A617}\{F9536603-8894-4FDB-8037-0CC7DD1DA855}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{018B94B6-9F8A-4AC9-AB47-C4AAD125A1CB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{018B94B6-9F8A-4AC9-AB47-C4AAD125A1CB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{098E1E84-5BD7-45F4-BC16-8E14F90246D7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{098E1E84-5BD7-45F4-BC16-8E14F90246D7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{0FBBCDCA-0EBF-4C01-911E-73AD5B996F52}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{0FBBCDCA-0EBF-4C01-911E-73AD5B996F52}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{1131EF52-AFA7-49C9-BB8D-C6BF1098604A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{1131EF52-AFA7-49C9-BB8D-C6BF1098604A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{18793181-480A-448B-AF23-3E6C4613591E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{18793181-480A-448B-AF23-3E6C4613591E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{2FAFEEB8-19B9-4C69-8C1F-4FB06D0D51C6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{2FAFEEB8-19B9-4C69-8C1F-4FB06D0D51C6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{30790170-23E0-48FA-8224-00E1AF4D1232}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{30790170-23E0-48FA-8224-00E1AF4D1232}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{34BD6122-F2AE-4186-992E-E6C5B49B8D98}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{34BD6122-F2AE-4186-992E-E6C5B49B8D98}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{3F2C30D3-6EE8-476B-A436-A37C7E2EA7AA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{3F2C30D3-6EE8-476B-A436-A37C7E2EA7AA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{44BD4878-F346-4D98-BA01-C4E04BC18B9F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{44BD4878-F346-4D98-BA01-C4E04BC18B9F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{519D0D2E-D332-4C80-819A-76660435C40F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{519D0D2E-D332-4C80-819A-76660435C40F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{52DDDFAE-5DB9-47DA-8103-2BA4F62DA712}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{52DDDFAE-5DB9-47DA-8103-2BA4F62DA712}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{6A34CB14-03F0-4D93-BBAB-3126462C2B7A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{6A34CB14-03F0-4D93-BBAB-3126462C2B7A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{7C07C7D2-9F35-4D37-884A-69462F28DEED}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{7C07C7D2-9F35-4D37-884A-69462F28DEED}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{8026ABD5-98FD-4D39-BFE0-D431D671902D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{8026ABD5-98FD-4D39-BFE0-D431D671902D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{9414CC60-5118-4563-BBC2-DD8307B19B96}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{9414CC60-5118-4563-BBC2-DD8307B19B96}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{9B568808-F27D-4CA5-823F-240FE7678A22}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{9B568808-F27D-4CA5-823F-240FE7678A22}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{CAB11406-3A1B-48BF-8C66-87F03B0606AB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{CAB11406-3A1B-48BF-8C66-87F03B0606AB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{E14FE58B-51BD-4DA1-8324-294E85292E78}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{E14FE58B-51BD-4DA1-8324-294E85292E78}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{E6A0B3F5-3137-47B5-AB9D-D799B959F9CC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{B1DA57CF-5C68-4BA5-88C9-976CE510B747}\{E6A0B3F5-3137-47B5-AB9D-D799B959F9CC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{33C1F494-20FF-4B77-8030-39D175C13EE8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{33C1F494-20FF-4B77-8030-39D175C13EE8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{4FC638FE-AC5D-49DB-97BE-8D6298F84DEB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{4FC638FE-AC5D-49DB-97BE-8D6298F84DEB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{AB26D5D7-3745-49FB-8602-C34EC8624F94}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{AB26D5D7-3745-49FB-8602-C34EC8624F94}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{CF595138-6BE1-4960-8CCD-C3E0BAAA2515}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{CF595138-6BE1-4960-8CCD-C3E0BAAA2515}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{D2685D5B-4576-4A6A-8594-6C0D2CC5C70D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{CC4F2358-7FCE-44B5-8188-FBB61D7BAC1B}\{D2685D5B-4576-4A6A-8594-6C0D2CC5C70D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{11A76FB6-291E-49D6-92D7-461AB4FFC173}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{11A76FB6-291E-49D6-92D7-461AB4FFC173}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{1B6E96DA-85BD-466C-8550-B0F74D601171}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{1B6E96DA-85BD-466C-8550-B0F74D601171}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{2BC0ACA5-A356-48CC-8F16-0AC1C8C8B5F7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{2BC0ACA5-A356-48CC-8F16-0AC1C8C8B5F7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{3F9F772B-27E5-45C4-8AC9-6B54E04C1E61}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{3F9F772B-27E5-45C4-8AC9-6B54E04C1E61}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{6EDD1697-CF26-440D-9414-98C63FD3F2A0}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{6EDD1697-CF26-440D-9414-98C63FD3F2A0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{7E70E62F-5038-417A-840C-ADD653D17BDA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{7E70E62F-5038-417A-840C-ADD653D17BDA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{7FC79587-FFB7-46A6-A9EC-C4B2AE4BF9DB}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{7FC79587-FFB7-46A6-A9EC-C4B2AE4BF9DB}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{87D5B942-C93F-4EAB-9299-2460C576D416}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{87D5B942-C93F-4EAB-9299-2460C576D416}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{B548CE63-E16C-49CD-BDE5-7103372EFB92}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{B548CE63-E16C-49CD-BDE5-7103372EFB92}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{C48F1DAB-B7A5-474E-BA3B-A85CC07A1FB4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{C48F1DAB-B7A5-474E-BA3B-A85CC07A1FB4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{CA87A49A-9B37-4EBE-BA9D-A5DFBDA6941C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{CA87A49A-9B37-4EBE-BA9D-A5DFBDA6941C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{D7878DCF-6194-4E7D-9861-E14EC61F04D5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{D7878DCF-6194-4E7D-9861-E14EC61F04D5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{E90D76E4-F887-425E-87BF-BDAAB66A9267}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{D32C03FC-49E6-4FB7-91A7-F00D5036BF52}\{E90D76E4-F887-425E-87BF-BDAAB66A9267}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{04E87B52-2164-4D86-A97B-D8FC7D492CA4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{04E87B52-2164-4D86-A97B-D8FC7D492CA4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{16D1F422-44A7-455B-AD31-4D3FB76D8E27}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{16D1F422-44A7-455B-AD31-4D3FB76D8E27}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{34B6BF54-825F-45FA-8175-992303857759}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{34B6BF54-825F-45FA-8175-992303857759}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{490E2FC0-A0F7-43C2-BC67-46A7A65022FE}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{490E2FC0-A0F7-43C2-BC67-46A7A65022FE}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{4A6110F1-F1F3-4C2B-9441-C61F7C69C3E2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{4A6110F1-F1F3-4C2B-9441-C61F7C69C3E2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{572FE0C9-9E2F-47CF-8348-52914A9E1EAC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{572FE0C9-9E2F-47CF-8348-52914A9E1EAC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{582C4C14-0F08-4DBB-AFF2-1E2DD701C90B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{582C4C14-0F08-4DBB-AFF2-1E2DD701C90B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{630BE3D7-8CF5-429C-9AAA-517DD27806D3}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{630BE3D7-8CF5-429C-9AAA-517DD27806D3}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{83480312-0C9D-4523-9F9D-2DBCDBAA0E08}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{83480312-0C9D-4523-9F9D-2DBCDBAA0E08}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{9A57AC91-9B05-48FE-9268-314E8633C4EC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{9A57AC91-9B05-48FE-9268-314E8633C4EC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{9D198ECE-8FCD-4AB3-8E97-19832B141325}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{9D198ECE-8FCD-4AB3-8E97-19832B141325}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{ACF1EE5E-71A8-4CC9-9C70-E402610C72B1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{ACF1EE5E-71A8-4CC9-9C70-E402610C72B1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{B28D050D-95AC-4359-9ADA-DB5AB5D19C24}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{B28D050D-95AC-4359-9ADA-DB5AB5D19C24}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{B3BBE654-BBAF-4557-81C3-D37CA784429C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{B3BBE654-BBAF-4557-81C3-D37CA784429C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{BE7CEA5C-D8DD-456F-8DED-7A359D893057}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{BE7CEA5C-D8DD-456F-8DED-7A359D893057}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{C0414606-EAC4-406C-BF37-1C104C875A73}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{C0414606-EAC4-406C-BF37-1C104C875A73}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{C4C81736-9577-4513-B197-51BCE563EF20}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{C4C81736-9577-4513-B197-51BCE563EF20}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{E5F023A5-AD2B-43DA-B142-40A9905B3006}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{E5F023A5-AD2B-43DA-B142-40A9905B3006}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{F962321A-8827-47DE-A49D-1B07CE31F820}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E26BF99C-1C52-447B-9764-90497F56911E}\{F962321A-8827-47DE-A49D-1B07CE31F820}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{275C1B20-A7B7-418F-8825-4C958C4AF093}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{275C1B20-A7B7-418F-8825-4C958C4AF093}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{60FAC3C4-2958-4BB4-B0A2-DAB5B6E5B966}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{60FAC3C4-2958-4BB4-B0A2-DAB5B6E5B966}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{65954DD2-092F-4D56-8815-518C3AD4184C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{65954DD2-092F-4D56-8815-518C3AD4184C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{7DFBAFEF-1688-443F-A9D8-6E7758426AB1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{7DFBAFEF-1688-443F-A9D8-6E7758426AB1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{9FE83AC4-5A36-44E0-84C0-32810E40A3F9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{9FE83AC4-5A36-44E0-84C0-32810E40A3F9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{A140E7A0-DF41-4534-BD14-1EDDB4CAA4D0}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{A140E7A0-DF41-4534-BD14-1EDDB4CAA4D0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{A6F53B15-3859-4819-A8DF-F52E10E1B001}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{A6F53B15-3859-4819-A8DF-F52E10E1B001}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{AEEF92C4-7D6B-4630-8381-D5B265E08EF3}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{AEEF92C4-7D6B-4630-8381-D5B265E08EF3}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{B4043666-692A-4F71-9F0C-EC7B06FC2C3D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{B4043666-692A-4F71-9F0C-EC7B06FC2C3D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{C2FC762C-B7EB-4824-9767-266F4E769052}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{C2FC762C-B7EB-4824-9767-266F4E769052}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{CDE751A5-0E64-42AC-993F-64A133173305}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{CDE751A5-0E64-42AC-993F-64A133173305}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{CF8D3E10-E0B4-46E5-B859-C8A7AE7F713F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{CF8D3E10-E0B4-46E5-B859-C8A7AE7F713F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{D8F3F793-F941-4B18-89FB-D077C753AA75}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{D8F3F793-F941-4B18-89FB-D077C753AA75}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{DF2EED8B-EA0B-452F-8924-ADCCA07A8E04}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{DF2EED8B-EA0B-452F-8924-ADCCA07A8E04}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{EDBB9FCC-CC02-48F8-A563-E73E23C8A6D1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{EDBB9FCC-CC02-48F8-A563-E73E23C8A6D1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{F16F969B-B5C8-47BD-B155-A621E6334966}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{E8DD753F-5381-4E01-8CA3-1DC9D1307C01}\{F16F969B-B5C8-47BD-B155-A621E6334966}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{03F1058A-4E3F-432D-80A7-12EE2C28E3B5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{03F1058A-4E3F-432D-80A7-12EE2C28E3B5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{16C4917C-850C-46E0-A6BE-571A4313877C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{16C4917C-850C-46E0-A6BE-571A4313877C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{26868A1E-06B5-4FFA-99CF-E68B9313E556}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{26868A1E-06B5-4FFA-99CF-E68B9313E556}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{39CD1D42-5371-4D19-9542-CB7FB97B9188}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{39CD1D42-5371-4D19-9542-CB7FB97B9188}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{58A8C142-A911-416E-A856-D0A22358A3A0}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{58A8C142-A911-416E-A856-D0A22358A3A0}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{7A80AAA8-2D34-4F1F-BD8B-5F2DFAB4B037}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{7A80AAA8-2D34-4F1F-BD8B-5F2DFAB4B037}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{A7BF861D-9F02-4475-AAFD-1E9D0D0265C9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{A7BF861D-9F02-4475-AAFD-1E9D0D0265C9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{A906F1C2-6FAA-4EEA-8E2D-86F64B4643D3}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{A906F1C2-6FAA-4EEA-8E2D-86F64B4643D3}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{D554032E-8C95-47E8-86D3-C4B82F7EDA9B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{D554032E-8C95-47E8-86D3-C4B82F7EDA9B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{D87ABB1B-4429-49C1-AB8B-2427216523CF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{D87ABB1B-4429-49C1-AB8B-2427216523CF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{DCDD2DEB-D092-4BC7-B027-29A34AEAAA41}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{DCDD2DEB-D092-4BC7-B027-29A34AEAAA41}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{E2A37CA1-5BFE-4AA7-9823-70393BD102C1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{E2A37CA1-5BFE-4AA7-9823-70393BD102C1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{F0F57A56-6B3C-4864-89B6-A2D18C277AD7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{EDBB7AFA-4C1F-4DED-833C-B1997126996D}\{F0F57A56-6B3C-4864-89B6-A2D18C277AD7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{01AAE72D-3451-4F2C-A6E4-756D11A27DED}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{01AAE72D-3451-4F2C-A6E4-756D11A27DED}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{097672F1-9604-4DC6-9091-BBE3A7AEBC1A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{097672F1-9604-4DC6-9091-BBE3A7AEBC1A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{263D9CBD-B988-4E86-BA02-51B6D5623BE3}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{263D9CBD-B988-4E86-BA02-51B6D5623BE3}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{3142D273-7465-4E7D-B29F-9FD84AC4A721}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{3142D273-7465-4E7D-B29F-9FD84AC4A721}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{54BFC75D-7CF7-4432-8950-B8755D918006}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{54BFC75D-7CF7-4432-8950-B8755D918006}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{6C472B00-33DB-4DC8-8B4C-D5A16685C915}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{6C472B00-33DB-4DC8-8B4C-D5A16685C915}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{70CD609A-2107-46D8-9AFC-E4EEF12609D7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{70CD609A-2107-46D8-9AFC-E4EEF12609D7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{9B972EED-2B78-4FE4-8605-76775584EED5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{9B972EED-2B78-4FE4-8605-76775584EED5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{A7CC55C3-83B7-4298-B51C-767D509F15EC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{A7CC55C3-83B7-4298-B51C-767D509F15EC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{AC844201-3BEA-4197-8715-C7D0ABC03738}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{AC844201-3BEA-4197-8715-C7D0ABC03738}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{C7696FE7-432D-4895-9E9B-EF298D8DC07D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{C7696FE7-432D-4895-9E9B-EF298D8DC07D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CAA56ED4-63DD-45C7-9D82-3D4AD615F765}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CAA56ED4-63DD-45C7-9D82-3D4AD615F765}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CB0796A8-920B-4D90-93D1-40EDA93D08DF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CB0796A8-920B-4D90-93D1-40EDA93D08DF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CEAB90BA-5816-4166-9A53-0AEE7F30C493}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{CEAB90BA-5816-4166-9A53-0AEE7F30C493}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{D01056D9-2E91-44C1-8DAD-B8ED4C53750B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{D01056D9-2E91-44C1-8DAD-B8ED4C53750B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{D06D89A2-9AB1-402A-85D9-BABCE86F346F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{D06D89A2-9AB1-402A-85D9-BABCE86F346F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{F1C2B4DB-0EBF-4B5A-8A11-CA9572ED6840}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{F1C2B4DB-0EBF-4B5A-8A11-CA9572ED6840}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{F234C933-8387-42B3-88F4-31076B3034CC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F806F730-DCA4-43BB-A637-E4F484DA640A}\{F234C933-8387-42B3-88F4-31076B3034CC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{083C13A3-322D-4D29-9E02-27F94A55C574}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{083C13A3-322D-4D29-9E02-27F94A55C574}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{10921495-06D9-466A-8DBD-4C3F6E31FBAA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{10921495-06D9-466A-8DBD-4C3F6E31FBAA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{15CB58E5-7738-45B1-A3BA-37B6E4D74CE8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{15CB58E5-7738-45B1-A3BA-37B6E4D74CE8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{162A77B0-B30F-43ED-85E3-39398CE4ED41}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{162A77B0-B30F-43ED-85E3-39398CE4ED41}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{1758C228-BDEC-4FDB-9323-BD9D8DF49A03}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{1758C228-BDEC-4FDB-9323-BD9D8DF49A03}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{198BC8DD-B19D-47D5-9E7D-3224FA6D2E7B}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{198BC8DD-B19D-47D5-9E7D-3224FA6D2E7B}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{1BF6463B-372F-4CA4-8385-67B4BCDA8055}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{1BF6463B-372F-4CA4-8385-67B4BCDA8055}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{227FE411-D0EC-48DF-A096-F9FC0D65BE1D}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{227FE411-D0EC-48DF-A096-F9FC0D65BE1D}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{27969697-1F92-4EDD-91F7-43F1053B8F0C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{27969697-1F92-4EDD-91F7-43F1053B8F0C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{2E968D2D-631F-4C97-A0FC-61039A3896FF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{2E968D2D-631F-4C97-A0FC-61039A3896FF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{2F1AEEDA-6F43-4879-955D-993C9839AC67}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{2F1AEEDA-6F43-4879-955D-993C9839AC67}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3ABED8F8-331E-4DAF-9214-150A847638E7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3ABED8F8-331E-4DAF-9214-150A847638E7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3C8CA35E-E31D-4EAE-BDBA-BBF9AFA70768}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3C8CA35E-E31D-4EAE-BDBA-BBF9AFA70768}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3D78EBD3-C46D-4DAF-8A03-82B5725A5D57}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{3D78EBD3-C46D-4DAF-8A03-82B5725A5D57}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{45E141AC-F931-4C1E-AC7E-729CD74A33EC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{45E141AC-F931-4C1E-AC7E-729CD74A33EC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{4C91500D-B46E-4120-B00D-590154A45174}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{4C91500D-B46E-4120-B00D-590154A45174}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{649F3B65-F529-4A3A-A457-636EDE40214C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{649F3B65-F529-4A3A-A457-636EDE40214C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{6905E7D8-DB16-4897-A47A-AE65457116C2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{6905E7D8-DB16-4897-A47A-AE65457116C2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{6954D3E8-A5FF-4A3F-9C09-A7B1801D5EB1}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{6954D3E8-A5FF-4A3F-9C09-A7B1801D5EB1}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{71EC3C10-6D4D-43EF-8A2F-EDFE63D180DF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{71EC3C10-6D4D-43EF-8A2F-EDFE63D180DF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{781C3868-9A8B-41CE-B60A-7B41E9C3995A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{781C3868-9A8B-41CE-B60A-7B41E9C3995A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{7E0DAD97-60E4-4041-8E0B-1A4FEFAD5B81}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{7E0DAD97-60E4-4041-8E0B-1A4FEFAD5B81}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{7E745E11-D082-4F21-BF1F-DEE42F8BC1DC}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{7E745E11-D082-4F21-BF1F-DEE42F8BC1DC}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{92C677D5-7347-4734-B95C-29A80E81AC11}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{92C677D5-7347-4734-B95C-29A80E81AC11}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{A8CC530C-8734-4C6F-9CEE-FC30AA2BA512}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{A8CC530C-8734-4C6F-9CEE-FC30AA2BA512}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{BD80A053-A7B3-45F8-8FB0-90FC73413AE4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{BD80A053-A7B3-45F8-8FB0-90FC73413AE4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C15983F9-8ABA-4F2A-93E7-2C15653AA125}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C15983F9-8ABA-4F2A-93E7-2C15653AA125}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C3EE522F-39E8-4EFB-B935-F779A2F265AF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C3EE522F-39E8-4EFB-B935-F779A2F265AF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C5CB7BD6-4D0C-41D2-93C7-F59CF515455F}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{C5CB7BD6-4D0C-41D2-93C7-F59CF515455F}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{CB06C378-A44C-444B-87C3-5BFEA40C422A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{CB06C378-A44C-444B-87C3-5BFEA40C422A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D082F7A3-A7AC-4576-8334-83AB9AAB9665}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D082F7A3-A7AC-4576-8334-83AB9AAB9665}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D7406113-53B3-476A-AED1-B237753C44EA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D7406113-53B3-476A-AED1-B237753C44EA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D913F8BF-8D0C-40C3-A1C5-C00AACF69A88}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D913F8BF-8D0C-40C3-A1C5-C00AACF69A88}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D9D418BB-F32C-4A9C-AE9B-3A97E7D55D3C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{D9D418BB-F32C-4A9C-AE9B-3A97E7D55D3C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E54B02F0-0667-4BDD-9D69-F1ED64153170}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E54B02F0-0667-4BDD-9D69-F1ED64153170}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E76AE599-6D90-4262-9E7E-D51B1EBF87A4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E76AE599-6D90-4262-9E7E-D51B1EBF87A4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E779127C-78DC-4D88-8BE8-886E5259564C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E779127C-78DC-4D88-8BE8-886E5259564C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E906B4E2-F0A8-4402-9C11-BE7CD7CAB863}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E906B4E2-F0A8-4402-9C11-BE7CD7CAB863}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E908AE72-0C5B-4C2D-989C-9AB46F5084A9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{E908AE72-0C5B-4C2D-989C-9AB46F5084A9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{EE7E554E-9E44-4AC8-A19E-42BB9A6253BD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{EE7E554E-9E44-4AC8-A19E-42BB9A6253BD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{F2250B25-E45B-4A6A-97AD-BD7C1B362A62}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{F2250B25-E45B-4A6A-97AD-BD7C1B362A62}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{F8B1523C-C1E4-4DD4-8A10-D2DD0A6A91E2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{F8B1523C-C1E4-4DD4-8A10-D2DD0A6A91E2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{FC54D3F3-AA8E-4709-8717-8221F3D164E7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{F9FC8E0A-7DB9-42CD-A898-6346F04E3020}\{FC54D3F3-AA8E-4709-8717-8221F3D164E7}.qbi
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.spm
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.
2008-11-28 13:31 . 2005-11-14 19:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-11-28 13:31 . 2005-11-14 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-11-28 13:31 . 2005-11-14 18:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2008-11-28 13:31 . 2005-11-14 19:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-11-28 13:31 . 2007-01-15 19:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-11-28 13:31 . 2008-11-28 13:31 <DIR> d-------- c:\documents and settings\Administrator
2008-11-28 10:29 . 2008-11-28 13:39 2,542 --a------ c:\windows\system32\tmp.reg
2008-11-28 09:56 . 2008-11-28 09:56 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 13:04 . 2008-11-28 17:46 <DIR> d-------- c:\program files\Common
2008-11-24 17:10 . 2008-11-24 17:10 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 17:10 . 2008-11-24 17:10 1,409 --a------ c:\windows\QTFont.for
2008-11-16 19:17 . 2008-11-16 19:17 <DIR> d-------- c:\documents and settings\Doug\Application Data\Amazon
2008-11-16 19:16 . 2008-11-16 19:16 <DIR> d-------- c:\program files\Amazon
2008-11-12 07:41 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:41 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 01:01 --------- d-----w c:\program files\QuickTime
2008-11-29 01:01 --------- d-----w c:\program files\Apoint2K
2008-11-28 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 19:39 --------- d-----w c:\program files\Google
2008-11-28 19:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 14:16 --------- d-----w c:\program files\FastStone Image Viewer
2008-11-06 13:21 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-30 12:08 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-01 11:46 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-06-05 03:21 94 ----a-w c:\documents and settings\Doug\Application Data\wklnhst.dat
2006-11-03 20:57 0 ----a-w c:\documents and settings\Doug\remote.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_17.53.18.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-03-01 08:43:22 245,760 ----a-w c:\windows\system32\00THotkey.exe
- 2008-04-14 00:12:16 15,360 ----a-w c:\windows\system32\ctfmon.exe
+ 2004-08-04 12:00:00 15,360 ----a-w c:\windows\system32\ctfmon.exe
+ 2005-05-31 13:33:00 122,941 ----a-w c:\windows\system32\dla\tfswctrl.exe
+ 2004-08-04 12:00:00 15,360 -c--a-w c:\windows\system32\dllcache\ctfmon.exe
+ 2005-06-08 18:59:06 77,824 ----a-w c:\windows\system32\hkcmd.exe
+ 2005-06-08 19:03:08 114,688 ----a-w c:\windows\system32\igfxpers.exe
+ 2005-06-08 19:02:22 94,208 ----a-w c:\windows\system32\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Wise-FTP Scheduler"="c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe" [2003-08-29 1246720]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"000StTHK"="000StTHK.exe" [2001-06-23 06:28 24576 c:\windows\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [2005-08-09 c:\windows\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-08-09 c:\windows\system32\TPSODDCtl.exe]
"TFNF5"="TFNF5.exe" [2004-12-15 c:\windows\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]
c:\documents and settings\Doug\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 59080]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-21 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2006-03-20 36864]
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2007-08-24 483328]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2006-03-20 36864]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-04-08 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-04-08 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-04-08 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-04-08 231704]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-03-20 34916]
R3 NWADI;NWADI Bus Enumerator;c:\windows\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2007-08-24 20608]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 otcsercb;Ositech Windows 2000 Modem Driver;c:\windows\system32\DRIVERS\otcserrt.sys [2006-03-22 60170]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-08-24 402432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae2d08d-fa75-11dc-8ce0-0011f5e4e045}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-yapuhayuyu - c:\windows\system32\balayenu.dll
HKLM-Run-686f8e8b - c:\windows\system32\tohuzeno.dll
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
HKLM-Run-Wise-FTP Scheduler - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:04:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-28 19:05:35
ComboFix-quarantined-files.txt 2008-11-29 01:04:57
ComboFix2.txt 2008-11-28 23:55:02
Pre-Run: 11,406,192,640 bytes free
Post-Run: 11,400,482,816 bytes free
792 --- E O F --- 2008-11-12 20:21:43
Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3
11/28/2008 8:01:59 PM
mbam-log-2008-11-28 (20-01-59).txt
Scan type: Full Scan (C:\|)
Objects scanned: 127151
Time elapsed: 42 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\neyivobu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rukamuwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vekesuwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE985A4-18FE-45CD-99B6-E96BB339CE4C}\RP896\A0072484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE985A4-18FE-45CD-99B6-E96BB339CE4C}\RP896\A0072486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:42, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\srvdpi.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\system32\srvdpi.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
--
End of file - 7960 bytes
Uninstalled Spybot, downloaded latest version, searched for and downloaded updates, and checked for problems. Spybot still detects Virtumonde although all other symptoms are gone.
pskelley
2008-11-29, 13:23
In the combofix log, all of the items like this:
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{0414B424-D23C-4D55-850C-4C2ADD37FEA8}\{19967128-02CD-4234-B504-C4BACD1946B1}.qbd
Are some kind of backups created by Symantec, perhaps Quarantine Backups (QBackup) you will have to ask Symantec what they are and what to do with them, I do not run their software.
http://www.symantec.com/enterprise/support/index.jsp
http://www.google.com/search?hl=en&q=.qbi+file&btnG=Google+Search&aq=f&oq=
http://www.google.com/search?hl=en&q=.qbd+file&btnG=Search
Appears to have something to do with Quicken and Quickbooks? I have not seen those before and have no idea why Symantec is quarantining them.
It does create a mess on your computer.
Did you make sure to immunize Spybot S&D before you ran it? I may be Spybot S&D is seeing stuff in combofix quarantine or even infected System Restore files, let's do this:
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
Update AVG 8 and scan the system, to be sure it is running right and scanning clean. Some good information for you:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/
Restart the computer, open Spybot S&D and update then make sure to totally immunized. Post anything Spybot S&D finds.
Thanks
I followed all of your instructions in your last post. MBAM produced a clean scan. AVG found about 20 tracking cookies which it cleaned up. Spybot found only a Right Media tracking cookie. No sign of Virtumonde.
I want to thank you again for all your help. I don't know what I would have done without it.
Two possible problems remain. My flash memory stick may be infected. And my wife's computer won't bring up Internet Explorer. Should I create a new thread for each of these two problems?
pskelley
2008-11-29, 22:02
Thanks for the feedback, if you want control of those tracking cooking, this information will help.
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
My flash memory stick may be infected
Download this removal tool to your desktop:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
If you have any flashdrives being used previously, since this is a flashdrive infection, insert your flashdrive as well, because above tool will disinfect it as well.
Then doubleclick the Flash_Disinfector.exe to run the tool.
Your desktop and icons will disappear afterwards. This is normal.
When the tool has finished, reboot your computer.
For your wife's computer, make sure you read and follow the "Before you Post" directions first, then start a new topic by posting the required HijackThis log to start.
I'll close this topic in a day or two.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
Thanks for the links to all the good information. I consider myself an average computer user in terms of being aware of and understanding the issues involved in protecting my computer from viruses, malware, etc. But I am overwhelmed by the amount of effort one must exert and the knowledge one must have to stay on top of this problem.
Other than the anti-virus program that came with their new computer, I would guess that most computer users know little or nothing about keeping their various programs up-to-date and all the tools available to help them keep evil stuff out of their computer. I sure learned a lot during this session.