Help: infected with Win32 Downloader



Infected_PC123
2008-12-11, 02:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:30 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O18 - Filter hijack: text/html - {6ea51d40-a334-423c-ae28-defa2ec77083} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O24 - Desktop Component 0: (no name) - http://images.kodakgallery.com/photos4068/3/1/22/57/61/5/561572201306_0_ALB.jpg
O24 - Desktop Component 1: (no name) - http://images.kodakgallery.com/photos4068/3/1/22/18/25/1/125182201306_0_ALB.jpg

--
End of file - 6699 bytes

Shaba
2008-12-14, 12:18
Hi Infected_PC123

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, please post back a fresh HijackThis log, please :)

Infected_PC123
2008-12-15, 04:29
I currently run Onecare for my AV needs.

Please review the following logfile and let me know if you are able to detect any of the Win32 cohort of viruses. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:43 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O18 - Filter hijack: text/html - {6ea51d40-a334-423c-ae28-defa2ec77083} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6419 bytes

Shaba
2008-12-15, 11:42
Sorry, I missed that one :oops:

I'd like you to check a file for malware.

Go to VirusTotal (http://www.virustotal.com) or Jotti's (http://virusscan.jotti.org/)


C:\WINDOWS\system32\mst122.dll

Copy/Paste the first file on the list into the white Upload a file box.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Save the complete results in a Notepad/Word document on your desktop.
Post back results here, please.

Infected_PC123
2008-12-16, 03:09
Looks like they found a virus or two (specifically AVG, eSafe, & F-Prot):

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.0 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 Downloader.Small.FAM
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.15 Suspicious File
eTrust-Vet 31.6.6261 2008.12.15 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.14 W32/Downloader.AR.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.15 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 -
Rising 21.08.02.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.15 -

Additional information
File size: 8216 bytes
MD5...: 442272ce43236a7310eba74057b68cf8
SHA1..: 98e2969b8c80c4d9db4c2e6b2d83ff17aef086ab
SHA256: 6ea4281e1d5170adc1284166b2584eef8f759f1ff5a798464285a0405eac9220
SHA512: c1d2e73a4d85225535d8cb28a1971757d96ea7f4359d4c3e37c80ce5c62b3d48
1e7b60400cd682d04623a87675641e897508afb792ecd21d257e13a86af90e94

ssdeep: 192:4NUp5Y+tIkpkABskL350N650iGWH9rH65G9yWm:lp5YQReAB0N650VSaKyWm

PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10009460
timedatestamp.....: 0x49399669 (Fri Dec 05 21:00:25 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x2000 0x1800 7.52 594eda2f84ee8ef17be6498675c24d9e
.rsrc 0xa000 0x1000 0x400 3.16 8ce2002e7e1598ce3eb847da43509c05

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> USER32.dll: wsprintfA
> WININET.dll: InternetOpenA

( 1 exports )
DllCanUnloadNow

packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX
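
Added example, not part of the original thread: the PEInfo block in the scan report above already shows the usual signs of a packed file, and this Python script reads the section and import lists as posted and names those signs. The 7.0 entropy threshold, the loader-API set, the import-count cutoff and the indicator labels are assumptions chosen for illustration.

```python
"""Packing triage over the PEInfo text of a multi-scanner report."""
import hashlib
import re

# Section table and import list copied from the scan report in this thread.
SECTION_TABLE = """\
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x2000 0x1800 7.52 594eda2f84ee8ef17be6498675c24d9e
.rsrc 0xa000 0x1000 0x400 3.16 8ce2002e7e1598ce3eb847da43509c05
"""
IMPORT_LIST = """\
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> USER32.dll: wsprintfA
> WININET.dll: InternetOpenA
"""

# Assumptions made for this example (not taken from the thread):
ENTROPY_THRESHOLD = 7.0          # bits/byte; compressed or encrypted data sits near 8
LOADER_APIS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc"}
MAX_STUB_IMPORTS = 10            # an unpacking stub needs only a handful of imports
PACKER_PREFIXES = ("UPX",)       # section names left behind by the packer

EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # hash of zero bytes of section data

SECTION_ROW = re.compile(
    r"^(\S+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)"
    r"\s+(\d+\.\d+)\s+([0-9a-f]{32})$"
)
IMPORT_ROW = re.compile(r"^>\s*([^:]+):\s*(.+)$")


def parse_sections(text):
    """Turn the 'name viradd virsiz rawdsiz ntrpy md5' rows into dicts."""
    sections = []
    for line in text.splitlines():
        m = SECTION_ROW.match(line.strip())
        if not m:
            continue  # header row or blank line
        name, vaddr, vsize, rsize, entropy, md5 = m.groups()
        sections.append({
            "name": name,
            "virtual_address": int(vaddr, 16),
            "virtual_size": int(vsize, 16),
            "raw_size": int(rsize, 16),
            "entropy": float(entropy),
            "md5": md5,
        })
    return sections


def parse_imports(text):
    """Turn '> DLL: func, func' rows into {DLL name (upper case): [functions]}."""
    imports = {}
    for line in text.splitlines():
        m = IMPORT_ROW.match(line.strip())
        if m:
            dll = m.group(1).strip().upper()
            imports[dll] = [f.strip() for f in m.group(2).split(",") if f.strip()]
    return imports


def packing_indicators(sections, imports):
    """Return (subject, indicator) pairs describing why the file looks packed."""
    findings = []
    for s in sections:
        # Memory is reserved at load time but nothing is stored on disk:
        # the unpacking stub writes the real code here when the file runs.
        if s["virtual_size"] > 0 and (s["raw_size"] == 0 or s["md5"] == EMPTY_MD5):
            findings.append((s["name"], "empty_on_disk"))
        if s["entropy"] >= ENTROPY_THRESHOLD:
            findings.append((s["name"], "high_entropy"))
        if s["name"].upper().startswith(PACKER_PREFIXES):
            findings.append((s["name"], "packer_section_name"))
    functions = {f for funcs in imports.values() for f in funcs}
    # A very small import table that still contains the loader APIs means the
    # real imports are resolved at run time and are hidden from static listing.
    if functions and len(functions) <= MAX_STUB_IMPORTS and LOADER_APIS <= functions:
        findings.append(("imports", "loader_stub_imports"))
    return findings


if __name__ == "__main__":
    for subject, indicator in packing_indicators(
        parse_sections(SECTION_TABLE), parse_imports(IMPORT_LIST)
    ):
        print(f"{subject}: {indicator}")
```

Packing alone does not make a file malicious, since legitimate software is also shipped UPX-compressed; these indicators explain why static listings show so little and why the file is worth scanning and submitting for analysis.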

Shaba
2008-12-16, 16:00
Yes it looks like so.

Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\system32\mst122.dll

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Press new topic, make the thread's title "Files for Shaba"
Include in your message a link to here, then attach the cab/zip file to your message and post the topic
If you can't locate it through the browse button, just copy/paste the filename and path.

After that, reply here and we will continue :)

Infected_PC123
2008-12-19, 02:08
OK, I followed the instructions above. Let me know if you receive the files.

Thanks.

Shaba
2008-12-19, 11:44
Yes, I did get them, thank you :)

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Infected_PC123
2008-12-20, 19:58
OK, Great. Glad to see it reached you. I ran the RSIT, but unfortunately only received a log file and not the txt file. There was only one window. It is as follows:



Logfile of random's system information tool 1.05 (written by random/random)
Run by Michael Schnetzer at 2008-12-20 12:56:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (84%) free of 76 GB
Total RAM: 510 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:21 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael Schnetzer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michael Schnetzer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O18 - Filter hijack: text/html - {6ea51d40-a334-423c-ae28-defa2ec77083} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6104 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\helper.dll [2008-12-10 286732]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WinssRec.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55633087-ec6b-11db-99af-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60435b6-87cc-11da-9930-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-12-20 12:51:50 ----D---- C:\rsit
2008-12-17 20:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 20:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 20:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 19:28:08 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2008-12-20 12:54:48 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-20 12:53:53 ----D---- C:\WINDOWS\Temp
2008-12-20 12:53:53 ----D---- C:\WINDOWS
2008-12-20 11:54:38 ----D---- C:\WINDOWS\system32
2008-12-20 11:54:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 11:49:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 00:48:13 ----D---- C:\WINDOWS\Prefetch
2008-12-17 21:14:05 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 20:25:05 ----HD---- C:\WINDOWS\inf
2008-12-17 20:25:00 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-17 20:24:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 17:55:09 ----D---- C:\Program Files\STC
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 20:57:19 ----D---- C:\WINDOWS\Debug
2008-12-10 20:05:51 ----HD---- C:\Config.Msi
2008-12-10 20:05:30 ----A---- C:\WINDOWS\win.ini
2008-12-10 20:05:21 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:28:08 ----RD---- C:\Program Files
2008-12-10 18:44:33 ----D---- C:\Program Files\Common
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 22:19:43 ----D---- C:\Program Files\Common Files
2008-11-22 21:16:00 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-23 1273344]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-23 380928]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Shaba
2008-12-20, 20:04
Please check if there is info.txt in c:\rsit folder.

Infected_PC123
2008-12-20, 20:45
Please check if there is info.txt in c:\rsit folder.

Found it:

info.txt logfile of random's system information tool 1.05 2008-12-20 12:52:04

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->CIAunwdm.exe
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
Dr Watson for Microsoft Windows OneCare Live v0.8.0794.48-->MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Pavillion zv6000 User Guides-->C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.5.2900.20-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.5.2900.20-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quick Launch Buttons 5.10 B3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
STC Series 66 Q&&A Final Exam V3.7.8-->C:\PROGRA~1\STC\ILQA_6~1\UNWISE.EXE C:\PROGRA~1\STC\ILQA_6~1\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
UserGuides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

======Security center information======

AV: Windows Live OneCare
FW: Windows Live OneCare Firewall

System event log

Computer Name: PAUL
Event Code: 7035
Message: The HTTP SSL service was successfully sent a start control.

Record Number: 111625
Source Name: Service Control Manager
Time Written: 20081115111619.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 7035
Message: The HTTP service was successfully sent a start control.

Record Number: 111624
Source Name: Service Control Manager
Time Written: 20081115111619.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 111623
Source Name: Service Control Manager
Time Written: 20081115111605.000000-300
Event Type: information
User:

Computer Name: PAUL
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 111622
Source Name: Service Control Manager
Time Written: 20081115111605.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 4201
Message: The system detected that network adapter Broadcom 802.11b/g WLAN - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 111621
Source Name: Tcpip
Time Written: 20081115111601.000000-300
Event Type: information
User:

Application event log

Computer Name: PAUL
Event Code: 1001
Message: Fault bucket 489072716.

Record Number: 2711
Source Name: Application Error
Time Written: 20071009225247.000000-240
Event Type: error
User:

Computer Name: PAUL
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3157, fault address 0x0003a186.

Record Number: 2710
Source Name: Application Error
Time Written: 20071009225237.000000-240
Event Type: error
User:

Computer Name: PAUL
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtmled.dll, version 6.0.2900.3157, fault address 0x00030d30.

Record Number: 2709
Source Name: Application Error
Time Written: 20071008220041.000000-240
Event Type: error
User:

Computer Name: PAUL
Event Code: 1001
Message: Fault bucket 489145209.

Record Number: 2708
Source Name: Application Error
Time Written: 20071008215608.000000-240
Event Type: error
User:

Computer Name: PAUL
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtmled.dll, version 6.0.2900.3157, fault address 0x00030d30.

Record Number: 2707
Source Name: Application Error
Time Written: 20071008215602.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-12-20, 20:50
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



:files
C:\WINDOWS\system32\mst122.dll

:commands
[EmptyTemp]
[reboot]


Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- otmoveit3 log
- rsit log (only log.txt will appear)

Infected_PC123
2008-12-20, 23:01
========== FILES ==========
File/Folder C:\WINDOWS\system32\mst122.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\fla1D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_784.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12202008_155046




Logfile of random's system information tool 1.05 (written by random/random)
Run by at 2008-12-20 16:00:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (84%) free of 76 GB
Total RAM: 510 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:22 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael Schnetzer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michael Schnetzer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O18 - Filter hijack: text/html - {6ea51d40-a334-423c-ae28-defa2ec77083} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\helper.dll [2008-12-10 286732]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WinssRec.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55633087-ec6b-11db-99af-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60435b6-87cc-11da-9930-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-12-20 15:49:05 ----D---- C:\_OTMoveIt
2008-12-20 12:51:50 ----D---- C:\rsit
2008-12-17 20:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 20:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 20:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 19:28:08 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2008-12-20 15:57:20 ----D---- C:\WINDOWS\system32
2008-12-20 15:57:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 15:55:26 ----D---- C:\WINDOWS\Temp
2008-12-20 15:53:57 ----D---- C:\WINDOWS
2008-12-20 15:53:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 15:51:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 13:54:49 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-20 13:05:55 ----D---- C:\WINDOWS\Prefetch
2008-12-17 20:25:05 ----HD---- C:\WINDOWS\inf
2008-12-17 20:25:00 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-17 20:24:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 17:55:09 ----D---- C:\Program Files\STC
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 20:57:19 ----D---- C:\WINDOWS\Debug
2008-12-10 20:05:51 ----HD---- C:\Config.Msi
2008-12-10 20:05:30 ----A---- C:\WINDOWS\win.ini
2008-12-10 20:05:21 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:28:08 ----RD---- C:\Program Files
2008-12-10 18:44:33 ----D---- C:\Program Files\Common
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 22:19:43 ----D---- C:\Program Files\Common Files
2008-11-22 21:16:00 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-23 1273344]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-23 380928]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Infected_PC123
2008-12-20, 23:33
By the way, I don't know what just happened in the last 15 minutes but my Firewall is going crazy blocking programs and my AV is asking me to delete all types of files.

I didn't have this problem before. Is one of the files you asked me to download infected with something? All systems are going haywire at this point and I'm getting pop-ups galore and being re-routed on webpages. Before, I had a mild suspicion I might have a virus; I am now positive.

Please advise if a complete system wipe is advisable. Something is really wrong and happened to coincide with me downloading OTMoveIt.

Win32/Matcash is one I've removed 3 times in the past 10 minutes.

Infected_PC123
2008-12-20, 23:34
Also, WIN32/Vundo.gen!C has been removed repeatedly in the past 5 minutes.

Shaba
2008-12-21, 11:58
No, those downloads won't affect that; there must be a downloader on your computer.

Please post a fresh RSIT log next.

Infected_PC123
2008-12-23, 07:49
Logfile of random's system information tool 1.05 (written by random/random)
Run by at 2008-12-23 00:46:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (84%) free of 76 GB
Total RAM: 510 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:49 AM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O18 - Filter hijack: text/html - {6ea51d40-a334-423c-ae28-defa2ec77083} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6268 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\helper.dll [2008-12-10 286732]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2005-11-08 1164800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-20 70656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-20 70656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WinssRec.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55633087-ec6b-11db-99af-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60435b6-87cc-11da-9930-0014a514b666}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 3 months======

2008-12-20 16:33:37 ----A---- C:\WINDOWS\system32.exe
2008-12-20 16:33:37 ----A---- C:\WINDOWS\kernel32.exe
2008-12-20 16:18:20 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-12-20 15:49:05 ----D---- C:\_OTMoveIt
2008-12-20 12:51:50 ----D---- C:\rsit
2008-12-17 20:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 20:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 20:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 19:28:08 ----D---- C:\Program Files\Trend Micro
2008-11-13 22:34:52 ----D---- C:\Program Files\CCleaner
2008-10-26 10:28:44 ----D---- C:\Program Files\SP36691
2008-10-26 10:21:49 ----D---- C:\Program Files\CONEXANT
2008-10-26 10:21:23 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-26 10:21:22 ----A---- C:\WINDOWS\system32\hsfci012.dll
2008-10-25 08:56:16 ----D---- C:\Documents and Settings\\Application Data\Windows Search
2008-10-25 08:52:35 ----D---- C:\Program Files\Windows Desktop Search
2008-10-25 08:52:34 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-10-23 21:43:16 ----D---- C:\Program Files\Common
2008-10-18 22:17:54 ----D---- C:\Documents and Settings\\Application Data\InterVideo
2008-10-18 22:08:21 ----D---- C:\Documents and Settings\\Application Data\muvee Technologies
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-29 22:03:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-29 22:03:10 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-29 22:02:01 ----D---- C:\Program Files\Windows Media Connect 2
2008-09-29 22:01:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-29 21:59:52 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-09-29 21:58:46 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of files/folders modified in the last 3 months======

2008-12-23 00:45:50 ----D---- C:\WINDOWS\Temp
2008-12-22 23:24:20 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-22 23:20:59 ----D---- C:\WINDOWS
2008-12-22 23:06:45 ----SHD---- C:\System Volume Information
2008-12-22 23:06:45 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 19:10:03 ----D---- C:\WINDOWS\Prefetch
2008-12-20 16:34:03 ----D---- C:\WINDOWS\system32
2008-12-20 15:57:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 15:53:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 15:51:57 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 20:25:05 ----HD---- C:\WINDOWS\inf
2008-12-17 20:25:00 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-17 20:24:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 17:55:09 ----D---- C:\Program Files\STC
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 20:57:19 ----D---- C:\WINDOWS\Debug
2008-12-10 20:05:51 ----HD---- C:\Config.Msi
2008-12-10 20:05:30 ----A---- C:\WINDOWS\win.ini
2008-12-10 20:05:21 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:28:08 ----RD---- C:\Program Files
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 22:19:43 ----D---- C:\Program Files\Common Files
2008-11-22 21:16:00 ----D---- C:\WINDOWS\system32\wbem
2008-11-13 17:35:01 ----D---- C:\WINDOWS\Help
2008-11-12 20:03:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 20:00:49 ----D---- C:\WINDOWS\WinSxS
2008-11-08 10:52:46 ----AC---- C:\WINDOWS\muveeapp.INI
2008-10-26 10:29:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-26 10:27:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-26 10:27:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-26 10:25:51 ----D---- C:\Program Files\ATI Technologies
2008-10-26 10:25:09 ----D---- C:\SWSETUP
2008-10-25 09:03:21 ----D---- C:\WINDOWS\system32\en-us
2008-10-25 09:01:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 20:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-11 21:55:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-10-02 19:02:11 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-29 22:02:00 ----D---- C:\Program Files\Windows Media Player
2008-09-29 21:58:55 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-29 21:34:11 ----SD---- C:\Documents and Settings\\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-23 1273344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


-----------------EOF-----------------

Shaba
2008-12-23, 12:20
We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Infected_PC123
2008-12-24, 03:17
ComboFix 08-12-23.01 - 2008-12-23 18:25:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.180 [GMT -5:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerSpacer.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerSpacer2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerStatusReports.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerStatusReports.jpg
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerStep1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerStep2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerStudentProfile.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerSurvey.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerThisIsDemoRoom.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerThisIsHomeRoom.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\headerWelcome.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\helpBack.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\helpNext.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\helpQuestion.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\helpSidebar.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\homeroomArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\imageChess.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\imageCity1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\imageCity2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\imageClockChess.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\labelResults.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\LeftArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\loginBox1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\loginBox2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\loginBox3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\loginBox4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\mark.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\minus.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\next.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\next_year.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\nheaderConfirmation.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\nheaderOrientation.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\nheaderWelcome.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\plus.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popCity.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popCloseOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popCloseON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popGetResults.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popGlossary.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popHelp.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popQuestion.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popSidebar.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popSubmitOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\popSubmitON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\prev_year.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\previous.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\question.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\questionOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\questionON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\reviewOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\reviewON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\RightArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\rptArrowOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\rptArrowOn.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sampleform.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sidebar-90.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sidebar.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sidebarOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sidebarON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sortasc.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\sortdesc.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\spacer.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\startQuiz.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\Stccorp.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tabCurrentCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tabFutureCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tabPastCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\accountHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\Bar.jpg
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\bgPopup.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\blank.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonActivate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonBack.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\ButtonBackNew.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonClose.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonDeactivate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonDefault.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonDelete.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonEdit.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\ButtonExport.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\ButtonExportAscii.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonPassword.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\ButtonPrint.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonRunReport.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonSaveReport.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonSubmit.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonView.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\buttonViewCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralHomeHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralItem1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralItem2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralItem3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\centralItem4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\ChartbarRC.jpg
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classClear.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classDate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classSelect.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\classSubmit.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\courseDetailKey.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\courseHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\courseHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader5.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader6.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\editHeader7.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\greenArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\headerActivate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\headerChangeDueDate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\headerDeactivate.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\headerDeleteRpt.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\headerSaveReport.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\icon1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\icon2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\icon3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\icon4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\iconC.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\iconE.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\iconI.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\infoHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\infoItem1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\infoItem2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\infoItem3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\nreportCourseHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\popupClear.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\popupHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\popupSubmit.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\print.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\profileHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportBuild.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportClose.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportCourseHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportHeader3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportItem1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportItem2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportItem3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportResultsHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\reportStudentHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\stdrptHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\stdrptHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\stdrptHeader3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\stdrptHeader4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\studentHeader1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\studentHeader2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\studentSearch.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tabCourseEnrollment.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tabUnits.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpAccount.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpAccountON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpBar.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpBlock.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpCornerLeft.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpCornerRight.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpGrand.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpGrandON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpHeader.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpHelp.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpHome.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpHomeON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpImage1.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpImage2.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpImage3.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpImage4.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpImage5.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpInfo.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpInfoON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpLogo.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpProfile.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpProfileON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpReport.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpReportON.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpStation.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpSTCHome.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpSTCIcons.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpSTCInteractive.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\tmpTFEN.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tc\vssver.scc
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\Tips.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\tools.png
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\topbar.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\vssver.scc
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\X1navY.gif
c:\program files\stc\iLQA_66_07\wwwroot\kotrain\images\stc2\yourcomments.gif
c:\program files\stc\iLQA_66_07\wwwroot\MessageHandler.class
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\adobe.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonBack.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonBookmarkOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonBookmarkON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonContentsOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonContentsON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonContinue.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonForgotPassword.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHelpOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHelpON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHistoryOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHistoryON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHomeroomOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonHomeroomON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLessonBackOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLessonBackON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLessonNextOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLessonNextON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLogin.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonLoginAgain.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonNewUser.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonStartOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonStartON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonStudentProfile.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonSubmit.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonSubmitProfile.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonTopHelpOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonTopHelpON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\buttonTryAgain.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\checkBoxOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\checkBoxON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\checkMarkOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\checkMarkON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\header.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerCourseinfo2.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerForgetPassword.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerHomeroom.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerIncorrectName.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerLogin.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerNavigation.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerReview.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerSpacer2.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerStep1.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerStep2.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\headerThisIsHomeroom.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\homeroomArrow.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Button_01.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Button_04.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Button_05.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-passwd.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Step-1-Button_01.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Step-2-Button_01.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Step-3-Button_01.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Step-3-Button_02.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-Title-AML-course.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NASD-username.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\nasd_logo.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\nheaderConfirmation.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\nheaderOrientation.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\NheaderWelcome.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\question.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\questionoff.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\questionON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\reviewOFF.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\reviewON.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\tabCurrentCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\tabPastCourses.gif
c:\program files\stc\iLQA_66_07\wwwroot\Nasd\images\vssver.scc

Infected_PC123
2008-12-24, 03:18
*******************CONTINUED**********************


c:\program files\stc\iLQA_66_07\wwwroot\templates\TCActivateBox.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCActivateBoxSave.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCAdminProfile.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCBox.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCBoxCategories.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCBoxSave.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCBoxStudents.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCCategory.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCClass.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCClasses.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCClassinfo.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCCourse.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCCourses.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCCustom.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDateBox.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDateBoxSave.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDeleteBox.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDeleteBoxSave.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDetail1.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDetail2.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDetail3.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDetailExam1.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCDetailExam2.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCInfo.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCInsuranceOptions.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCMain.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCOptions.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCProfile.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCReport.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCReportInsuranceOptions.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCReportOptions.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCReportSurveyOptions.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCRun.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCRunex.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCRunexParas.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSaveRptBox.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSaveRptSubmit.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSearch.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSearchResults.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCStandard.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCStatisticResult.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCStatisticRun.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCStudent.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSurveyResult.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\TCSurveyRun.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolBugReportUpdate.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolGlossary.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolGlossaryContent.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolGlossaryLoad.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolUpdateCEAnswerKey.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolUpdateCEQuiz.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolUpdateLEAnswerKey.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\toolUpdateLessonContent.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\updatequiz.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\Upload.htm
c:\program files\stc\iLQA_66_07\wwwroot\templates\vssver.scc
c:\program files\stc\iLQA_66_07\wwwroot\UserGuide.htm
c:\program files\stc\iLQA_66_07\wwwroot\vssver.scc
c:\windows\kernel32.exe
c:\windows\system32.exe
c:\windows\system32\prunnet.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-20 15:49 . 2008-12-20 15:49 <DIR> d-------- C:\_OTMoveIt
2008-12-20 12:51 . 2008-12-20 12:52 <DIR> d-------- C:\rsit
2008-12-10 19:28 . 2008-12-10 19:28 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 23:25 --------- d-----w c:\program files\Common
2008-12-23 23:14 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-14 03:34 --------- d-----w c:\program files\CCleaner
2008-10-26 15:28 --------- d-----w c:\program files\SP36691
2008-10-26 15:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 15:25 --------- d-----w c:\program files\ATI Technologies
2008-10-26 15:21 --------- d-----w c:\program files\CONEXANT
2008-10-25 14:03 --------- d-----w c:\program files\Windows Desktop Search
2008-10-25 13:56 --------- d-----w c:\documents and settings\\Application Data\Windows Search
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"33184:TCP"= 33184:TCP:PORT_33184
"16610:TCP"= 16610:TCP:PORT_16610
"56230:TCP"= 56230:TCP:PORT_56230
"56465:TCP"= 56465:TCP:PORT_56465

R2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" [2008-11-05 25968]
R2 pciinfo;HP Pci Information;\??\c:\docume~1\PAULSC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2008-10-26 200192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WinssRec.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55633087-ec6b-11db-99af-0014a514b666}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60435b6-87cc-11da-9930-0014a514b666}]
\Shell\AutoRun\command - E:\setupSNK.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2006-03-16 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 13:04]

2007-06-14 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [2008-07-09 16:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-23 18:36:51
ComboFix-quarantined-files.txt 2008-12-23 23:36:49

Pre-Run: 67,220,701,184 bytes free
Post-Run: 67,417,157,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1053 --- E O F --- 2008-12-18 01:25:06

Infected_PC123
2008-12-24, 03:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:25 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ho1.anfcorp.com/iNotes6W.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5844 bytes

Shaba
2008-12-24, 11:50
Yes, ComboFix found a bunch of baddies.

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Shaba
2008-12-28, 12:22
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.