help with log please

not2brightblonde · Oct 29, 2008

Hi, Have a few things I cant get rid of with Spybot-
ezula, funweb products, huntbar, mymyweb search,coolwwwsearch, etc.
Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:11 AM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {41987358-FF78-2F11-FF4A-259601DF8EA1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://www.ultimateplugin.com/tl7000.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://www104.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Workstation NetLogon Service (%AFå¤¶À¨) - Unknown owner - C:\WINDOWS\system32\atllz32.exe (file missing)

--
End of file - 7036 bytes

ken545 · Oct 29, 2008

Hello not2brightblonde

Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your personal data before starting any clean up procedure.

You do have some nasty stuff on this system. If there is any part of the instructions you do not understand, do not proceed, post back and let me know.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it to your desktop, make sure the file type is All Files and name it FixServices.bat

Code:

@echo off
sc stop "Workstation NetLogon Service"
sc delete "Workstation NetLogon Service"
exit

Double click FixServices.bat. A window will open and close. This is normal.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O2 - BHO: (no name) - {41987358-FF78-2F11-FF4A-259601DF8EA1} - (no file)

O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://www.ultimateplugin.com/tl7000.dll
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://www104.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/p...im/install.cab

O23 - Service: Workstation NetLogon Service (%AFå¤¶À¨) - Unknown owner - C:\WINDOWS\system32\atllz32.exe (file missing)

Please download ATF Cleaner by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.

not2brightblonde · Oct 29, 2008

When I tried to open Hijack this-a small box comes up and says "Hijack this is already running"
I have no idea why it says that or what to do.

ken545 · Oct 29, 2008

Close it out, reboot your computer and try it again

Ken

not2brightblonde · Oct 29, 2008

Okay, here is the logs-and just wanted to mention,MBAM never did ask me to restart, so I didnt,maybe I should? Thanks

Malwarebytes' Anti-Malware 1.30
Database version: 1337
Windows 5.1.2600 Service Pack 2

10/29/2008 1:32:59 PM
mbam-log-2008-10-29 (13-32-59).txt

Scan type: Quick Scan
Objects scanned: 48600
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{aaf6bd55-8ae9-15d5-7597-d5feccfdf542} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinTools (Trojan.WinTools) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinTools (Trojan.WinTools) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinTools\Update (Trojan.WinTools) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\SrchAstt\Cache\23AE52A8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache\23AE6A85 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:54 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [2131743181] D:\UReg\Pentax_Win_GM_10042005.exe /r "D:\UReg\Pentax_Win_GM_10042005.rpd"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Workstation NetLogon Service (%AFå¤¶À¨) - Unknown owner - C:\WINDOWS\system32\atllz32.exe (file missing)

--
End of file - 6303 bytes

ken545 · Oct 29, 2008

Hi,

Workstation NetLogon Service <-- Did you run the Script I wrote for this???

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

not2brightblonde · Oct 29, 2008

Hi,

{Workstation NetLogon Service <-- Did you run the Script I wrote for this???}

Yes I copied all that was in the blue box in your post-
@echo off
sc stop "Workstation NetLogon Service"
sc delete "Workstation NetLogon Service"
exit
I put that on my desktop and clicked on it and like you said a window opened and closed. Was I supposed to do something else with it?
I'll ask this before I do the combofix. Thanks

ken545 · Oct 29, 2008

It didn't take, we can worry about that in a bit, go ahead and run Combofix

not2brightblonde · Oct 29, 2008

Just got in, and now that i thought about it, I know I did it the first time but then the HIjackthis didnt work and that all freaked me out so I may have forgotten the 2nd time after I restarted my computer.
So sorry about that!
I will just go ahead and do the combofix now.

ken545 · Oct 29, 2008

not2brightblonde <<-- Wrong name, your doing fine

not2brightblonde · Oct 29, 2008

Ha! we're not done yet

okay here is the log from combofix-
(and just a side note, this computer hadn't been connected to the internet for almost 4 yrs.)
dont know if that is something you made need to know or not. Thank you!

ComboFix 08-10-29.07 - Kristin Faith 2008-10-29 17:13:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.312 [GMT -5:00]
Running from: C:\Documents and Settings\Kristin Faith\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\agqtq.dat
C:\WINDOWS\akwel.dat
C:\WINDOWS\auuyc.dat
C:\WINDOWS\baxmo.dat
C:\WINDOWS\beqpm.dat
C:\WINDOWS\bidss.dat
C:\WINDOWS\bpgbt.dat
C:\WINDOWS\bwoqv.dat
C:\WINDOWS\cidlb.dat
C:\WINDOWS\cnyyt.dat
C:\WINDOWS\csiun.dat
C:\WINDOWS\dodhd.dat
C:\WINDOWS\dypnp.dat
C:\WINDOWS\eldpn.dat
C:\WINDOWS\fqobi.dat
C:\WINDOWS\fwogt.dat
C:\WINDOWS\fxlil.dat
C:\WINDOWS\gmhoh.dat
C:\WINDOWS\gspym.dat
C:\WINDOWS\guwsl.dat
C:\WINDOWS\gvijz.dat
C:\WINDOWS\hcpjx.dat
C:\WINDOWS\hjmjz.dat
C:\WINDOWS\hrera.dat
C:\WINDOWS\hsszd.dat
C:\WINDOWS\iasyj.dat
C:\WINDOWS\ickwu.dat
C:\WINDOWS\ivizs.dat
C:\WINDOWS\iwlkx.dat
C:\WINDOWS\jcdwq.dat
C:\WINDOWS\jiiml.dat
C:\WINDOWS\jsgsq.dat
C:\WINDOWS\kevjo.dat
C:\WINDOWS\kheqg.dat
C:\WINDOWS\ksjys.dat
C:\WINDOWS\ksltq.dat
C:\WINDOWS\kwuww.dat
C:\WINDOWS\kxnld.dat
C:\WINDOWS\kxubb.dat
C:\WINDOWS\kyznd.dat
C:\WINDOWS\lagcy.dat
C:\WINDOWS\lhpfo.dat
C:\WINDOWS\llmqo.dat
C:\WINDOWS\lpvff.dat
C:\WINDOWS\mcpjq.dat
C:\WINDOWS\mnzrf.dat
C:\WINDOWS\mxquc.dat
C:\WINDOWS\nbkpb.dat
C:\WINDOWS\njezk.dat
C:\WINDOWS\nxhce.dat
C:\WINDOWS\obxoe.dat
C:\WINDOWS\omypt.dat
C:\WINDOWS\otmau.dat
C:\WINDOWS\owojc.dat
C:\WINDOWS\pgoso.dat
C:\WINDOWS\pjflz.dat
C:\WINDOWS\pkpwe.dat
C:\WINDOWS\qofmf.dat
C:\WINDOWS\qxwmu.dat
C:\WINDOWS\railg.dat
C:\WINDOWS\raoim.dat
C:\WINDOWS\rhnfn.dat
C:\WINDOWS\rqmcr.dat
C:\WINDOWS\rstgp.dat
C:\WINDOWS\ryvpr.dat
C:\WINDOWS\salvy.dat
C:\WINDOWS\snlmc.dat
C:\WINDOWS\sourm.dat
C:\WINDOWS\svkby.dat
C:\WINDOWS\sxecc.dat
C:\WINDOWS\system32\bbrwp.dat
C:\WINDOWS\system32\bdqqd.dat
C:\WINDOWS\system32\bfyud.dat
C:\WINDOWS\system32\bpnxj.dat
C:\WINDOWS\system32\bqmvh.dat
C:\WINDOWS\system32\btrvj.dat
C:\WINDOWS\system32\bxikz.dat
C:\WINDOWS\system32\cdrmt.dat
C:\WINDOWS\system32\clqip.dat
C:\WINDOWS\system32\cywlz.dat
C:\WINDOWS\system32\dmcii.dat
C:\WINDOWS\system32\dsvis.dat
C:\WINDOWS\system32\dxtrv.dat
C:\WINDOWS\system32\ewvol.dat
C:\WINDOWS\system32\fnaed.dat
C:\WINDOWS\system32\fqdtw.dat
C:\WINDOWS\system32\fvhuy.dat
C:\WINDOWS\system32\gfpzp.dat
C:\WINDOWS\system32\gmrtl.dat
C:\WINDOWS\system32\gxefa.dat
C:\WINDOWS\system32\hevzy.dat
C:\WINDOWS\system32\hfned.dat
C:\WINDOWS\system32\hjvfj.dat
C:\WINDOWS\system32\hyiaf.dat
C:\WINDOWS\system32\idkzu.dat
C:\WINDOWS\system32\iemui.dat
C:\WINDOWS\system32\ikdrq.dat
C:\WINDOWS\system32\ilnqr.dat
C:\WINDOWS\system32\inkon.dat
C:\WINDOWS\system32\irnhs.dat
C:\WINDOWS\system32\iwzzp.dat
C:\WINDOWS\system32\jagpd.dat
C:\WINDOWS\system32\jgrad.dat
C:\WINDOWS\system32\kaxhl.dat
C:\WINDOWS\system32\kejcq.dat
C:\WINDOWS\system32\kmdzw.dat
C:\WINDOWS\system32\kmjum.dat
C:\WINDOWS\system32\ksoyg.dat
C:\WINDOWS\system32\kvrkn.dat
C:\WINDOWS\system32\kzipr.dat
C:\WINDOWS\system32\lawqe.dat
C:\WINDOWS\system32\llcjk.dat
C:\WINDOWS\system32\mejpk.dat
C:\WINDOWS\system32\mgflx.dat
C:\WINDOWS\system32\msst.exe
C:\WINDOWS\system32\mysmp.dat
C:\WINDOWS\system32\mzmsf.dat
C:\WINDOWS\system32\ndoho.dat
C:\WINDOWS\system32\njtxk.dat
C:\WINDOWS\system32\nmozx.dat
C:\WINDOWS\system32\nraag.dat
C:\WINDOWS\system32\oedxd.dat
C:\WINDOWS\system32\ojciy.dat
C:\WINDOWS\system32\oohvx.dat
C:\WINDOWS\system32\opsuu.dat
C:\WINDOWS\system32\prged.dat
C:\WINDOWS\system32\qgvyz.dat
C:\WINDOWS\system32\qhxgl.dat
C:\WINDOWS\system32\qicne.dat
C:\WINDOWS\system32\rccji.dat
C:\WINDOWS\system32\retco.dat
C:\WINDOWS\system32\rmctv.dat
C:\WINDOWS\system32\rnzci.dat
C:\WINDOWS\system32\rtnzi.dat
C:\WINDOWS\system32\rwgjc.dat
C:\WINDOWS\system32\sbzlg.dat
C:\WINDOWS\system32\scnut.dat
C:\WINDOWS\system32\sctmn.dat
C:\WINDOWS\system32\sczir.dat
C:\WINDOWS\system32\sicca.dat
C:\WINDOWS\system32\snewr.dat
C:\WINDOWS\system32\srcan.dat
C:\WINDOWS\system32\sxiai.dat
C:\WINDOWS\system32\tfdrs.dat
C:\WINDOWS\system32\tftal.dat
C:\WINDOWS\system32\tgkpi.dat
C:\WINDOWS\system32\tidni.dat
C:\WINDOWS\system32\tiugy.dat
C:\WINDOWS\system32\tpkps.dat
C:\WINDOWS\system32\tqxgf.dat
C:\WINDOWS\system32\trfan.dat
C:\WINDOWS\system32\upuna.dat
C:\WINDOWS\system32\uxkzj.dat
C:\WINDOWS\system32\vecwl.dat
C:\WINDOWS\system32\vyjak.dat
C:\WINDOWS\system32\vymmo.dat
C:\WINDOWS\system32\vzsau.dat
C:\WINDOWS\system32\wdlps.dat
C:\WINDOWS\system32\whnso.dat
C:\WINDOWS\system32\xgspg.dat
C:\WINDOWS\system32\xpxru.dat
C:\WINDOWS\system32\xsskd.dat
C:\WINDOWS\system32\xuvuj.dat
C:\WINDOWS\system32\yargs.dat
C:\WINDOWS\system32\yrbyl.dat
C:\WINDOWS\system32\yusmf.dat
C:\WINDOWS\system32\zdhpz.dat
C:\WINDOWS\system32\zukjg.dat
C:\WINDOWS\system32\zzlcw.dat
C:\WINDOWS\tevvu.dat
C:\WINDOWS\tioyh.dat
C:\WINDOWS\tivmq.dat
C:\WINDOWS\tsrem.dat
C:\WINDOWS\twfrt.dat
C:\WINDOWS\ujglu.dat
C:\WINDOWS\uoyej.dat
C:\WINDOWS\uwkkz.dat
C:\WINDOWS\vgnri.dat
C:\WINDOWS\vpbff.dat
C:\WINDOWS\vtanq.dat
C:\WINDOWS\vwnle.dat
C:\WINDOWS\wnppi.dat
C:\WINDOWS\wnwpf.dat
C:\WINDOWS\wskbo.dat
C:\WINDOWS\xdpzj.dat
C:\WINDOWS\xiixo.dat
C:\WINDOWS\xupur.dat
C:\WINDOWS\yevey.dat
C:\WINDOWS\yknfc.dat
C:\WINDOWS\ymdbb.dat
C:\WINDOWS\yzjzy.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-22 16:28 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-29 13:17 . 2008-10-22 16:28 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-29 11:27 . 2008-10-29 11:27 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\AdobeUM
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 10:11 . 2008-10-29 10:11 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\ACD Systems
2008-10-29 10:02 . 2008-10-29 10:54 <DIR> d-------- C:\Program Files\Optio E10 Digital Camera
2008-10-29 10:02 . 2004-07-12 10:48 16,896 --a------ C:\WINDOWS\SYSTEM32\CoachDlg.dll
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-29 10:00 . 2008-10-29 10:00 9,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-29 08:47 . 2008-10-29 09:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-28 23:09 . 2008-10-28 23:15 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-28 23:08 . 2008-10-28 23:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-28 22:57 . 2008-10-28 22:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 22:54 . 2008-08-14 05:00 2,180,352 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-28 22:54 . 2008-08-14 04:58 2,136,064 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,057,728 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,015,744 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-28 22:39 . 2008-09-15 06:57 1,846,016 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-28 22:15 . 2008-08-28 05:04 333,056 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-28 22:09 . 2008-04-11 13:50 683,520 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-28 21:47 . 2008-05-08 07:28 202,752 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-10-28 21:12 . 2008-10-28 21:12 <DIR> d-------- C:\Program Files\CCleaner
2008-10-28 14:40 . 2008-10-28 14:41 432 --a------ C:\WINDOWS\wininit.ini
2008-10-28 13:19 . 2008-10-28 13:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-28 13:19 . 2008-10-28 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 05:29 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-10-27 21:26 . 2008-08-14 04:51 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-10-27 20:51 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-10-27 14:31 . 2008-10-27 14:31 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-10-27 14:31 . 2008-10-27 14:31 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-27 05:59 . 2008-10-15 11:57 332,800 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-27 05:23 . 2008-10-28 10:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-27 05:10 . 2008-10-27 05:10 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-27 05:10 . 2008-10-27 05:10 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-27 05:09 . 2008-10-29 09:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Program Files\AVG
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 05:09 . 2008-10-27 05:09 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-26 22:34 . 2008-10-26 22:35 6 --a------ C:\WINDOWS\msoffice.ini
2008-10-26 20:11 . 2001-08-17 22:36 171,008 --a------ C:\WINDOWS\SYSTEM32\LXADSUI.DLL
2008-10-01 09:51 . 2008-10-01 09:51 3,063 --ahs---- C:\WINDOWS\sthcl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 04:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 19:42 --------- d-----w C:\Program Files\eZula
2008-10-27 19:31 --------- d-----w C:\Program Files\Java
2008-10-27 14:30 --------- d-----w C:\Program Files\SBITPlugin
2008-10-27 14:02 --------- d-----w C:\Documents and Settings\Kristin Faith\Application Data\sysjt
2008-10-27 10:44 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-27 10:41 --------- d-----w C:\Program Files\Toolbar
2008-10-27 03:37 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-27 03:35 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-27 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-01 11:51 116,384 ----a-w C:\WINDOWS\submit2.exe
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 09:30 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2004-06-09 23:21 110,592 ----a-w C:\Program Files\Common Files\submit2.exe
2004-08-15 18:43 11,591 --sha-w C:\WINDOWS\acpbr.dat
2004-08-01 02:07 3,063 --sha-w C:\WINDOWS\adxbd.dat
2004-08-06 02:31 3,063 --sha-w C:\WINDOWS\aeyxd.dat
2004-07-25 19:38 11,591 --sha-w C:\WINDOWS\afkuk.dat
2004-08-08 12:40 3,063 --sha-w C:\WINDOWS\atpqn.dat
2005-01-22 02:19 11,592 --sha-w C:\WINDOWS\axnca.dat
2004-08-03 12:03 3,063 --sha-w C:\WINDOWS\betdd.dat
2004-09-03 12:34 11,591 --sha-w C:\WINDOWS\bluhe.dat
2004-07-19 01:23 3,063 --sha-w C:\WINDOWS\bmusf.dat
2004-08-01 21:43 11,591 --sha-w C:\WINDOWS\bofpj.dat
2004-08-22 01:07 11,591 --sha-w C:\WINDOWS\bpjka.dat
2004-08-06 18:07 3,063 --sha-w C:\WINDOWS\btffy.dat
2004-07-31 23:51 3,063 --sha-w C:\WINDOWS\bvoqs.dat
2004-07-14 12:57 3,063 --sha-w C:\WINDOWS\bwivf.dat
2004-07-23 14:19 3,063 --sha-w C:\WINDOWS\bwrcz.dat
2004-07-15 22:02 11,591 --sha-w C:\WINDOWS\cbbjj.dat
2004-07-30 05:46 3,063 --sha-w C:\WINDOWS\cevvj.dat
2004-07-25 05:11 3,063 --sha-w C:\WINDOWS\cgsbj.dat
2004-12-03 03:28 11,591 --sha-w C:\WINDOWS\cshqp.dat
2004-07-17 06:36 11,591 --sha-w C:\WINDOWS\csklt.dat
2004-07-21 10:34 3,063 --sha-w C:\WINDOWS\cstlr.dat
2004-09-06 20:45 11,591 --sha-w C:\WINDOWS\dmjbs.dat
2004-08-10 21:01 3,063 --sha-w C:\WINDOWS\dogsl.dat
2004-07-28 09:44 11,591 --sha-w C:\WINDOWS\dtipq.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\dvuwo.dat
2004-08-01 22:09 11,591 --sha-w C:\WINDOWS\ebpzk.dat
2004-11-02 19:18 11,591 --sha-w C:\WINDOWS\ecbro.dat
2004-07-28 22:34 3,063 --sha-w C:\WINDOWS\edqxj.dat
2004-07-15 04:39 3,063 --sha-w C:\WINDOWS\eejqq.dat
2004-08-05 05:50 11,591 --sha-w C:\WINDOWS\efmvf.dat
2004-07-27 06:19 11,591 --sha-w C:\WINDOWS\ejaoo.dat
2004-07-19 10:34 3,063 --sha-w C:\WINDOWS\esdlm.dat
2004-07-24 06:32 11,591 --sha-w C:\WINDOWS\etfvy.dat
2004-07-26 20:09 3,063 --sha-w C:\WINDOWS\eyjlt.dat
2004-07-28 21:24 11,591 --sha-w C:\WINDOWS\fgwht.dat
2004-07-29 17:48 11,591 --sha-w C:\WINDOWS\fhdsq.dat
2004-07-27 07:45 3,063 --sha-w C:\WINDOWS\fjuhl.dat
2004-08-07 14:47 11,591 --sha-w C:\WINDOWS\fkdpv.dat
2004-08-11 12:15 11,591 --sha-w C:\WINDOWS\fqrcj.dat
2004-10-25 00:35 0 --sha-w C:\WINDOWS\gczvs.dll
2004-07-28 12:25 3,063 --sha-w C:\WINDOWS\gejdf.dat
2004-08-04 19:41 11,591 --sha-w C:\WINDOWS\ggfba.dat
2004-08-08 15:12 3,063 --sha-w C:\WINDOWS\ghopi.dat
2004-07-28 15:08 11,591 --sha-w C:\WINDOWS\gmdxz.dat
2004-08-01 18:53 3,063 --sha-w C:\WINDOWS\gqeem.dat
2004-08-05 09:50 3,063 --sha-w C:\WINDOWS\grtwx.dat
2004-07-27 21:12 11,591 --sha-w C:\WINDOWS\gvkry.dat
2004-07-23 19:49 11,591 --sha-w C:\WINDOWS\gvvfr.dat
2005-01-12 21:00 3,347 --sha-w C:\WINDOWS\gwbnr.dat
2004-08-11 09:09 3,063 --sha-w C:\WINDOWS\gzedw.dat
2004-09-08 05:42 11,591 --sha-w C:\WINDOWS\heaky.dat
2004-07-30 23:41 11,591 --sha-w C:\WINDOWS\hutbs.dat
2004-11-06 14:46 11,591 --sha-w C:\WINDOWS\hutxg.dat
2004-07-29 02:26 11,591 --sha-w C:\WINDOWS\hvhpb.dat
2004-12-30 16:24 3,063 --sha-w C:\WINDOWS\isppn.dat
2004-09-29 03:16 3,063 --sha-w C:\WINDOWS\jaacl.dat
2004-08-07 04:49 11,591 --sha-w C:\WINDOWS\jaiyq.dat
2004-07-30 16:38 3,063 --sha-w C:\WINDOWS\jjgbn.dat
2004-08-18 12:53 3,063 --sha-w C:\WINDOWS\jlgsc.dat
2004-07-29 22:53 3,063 --sha-w C:\WINDOWS\jmuvj.dat
2004-08-06 00:42 3,063 --sha-w C:\WINDOWS\jokdo.dat
2004-10-04 04:50 3,063 --sha-w C:\WINDOWS\jsums.dat
2004-11-24 19:02 11,591 --sha-w C:\WINDOWS\jwwje.dat
2004-08-05 01:51 11,591 --sha-w C:\WINDOWS\kdvzk.dat
2004-07-20 08:29 11,591 --sha-w C:\WINDOWS\kesui.dat
2004-08-07 02:22 3,063 --sha-w C:\WINDOWS\krwfj.dat
2004-07-31 14:32 3,063 --sha-w C:\WINDOWS\kveyt.dat
2004-08-01 10:52 3,063 --sha-w C:\WINDOWS\kvxih.dat
2004-08-11 21:03 3,063 --sha-w C:\WINDOWS\kvxwm.dat
2004-08-08 18:08 11,591 --sha-w C:\WINDOWS\kwtgd.dat
2004-10-03 21:12 3,063 --sha-w C:\WINDOWS\lfeeg.dat
2004-07-21 09:25 11,591 --sha-w C:\WINDOWS\lpzpb.dat
2004-07-21 17:18 11,591 --sha-w C:\WINDOWS\lyejt.dat
2004-10-24 17:41 11,591 --sha-w C:\WINDOWS\lynal.dat
2004-09-29 07:19 11,591 --sha-w C:\WINDOWS\lynsq.dat
2004-08-09 22:55 11,591 --sha-w C:\WINDOWS\mazsx.dat
2004-08-05 09:43 3,063 --sha-w C:\WINDOWS\misie.dat
2004-09-10 18:58 11,591 --sha-w C:\WINDOWS\mpsgr.dat
2004-08-02 15:40 3,063 --sha-w C:\WINDOWS\myeuc.dat
2004-07-28 05:42 11,591 --sha-w C:\WINDOWS\ndbjk.dat
2004-07-20 05:01 2,569 --sha-w C:\WINDOWS\ndfwo.dat
2004-09-22 10:12 3,063 --sha-w C:\WINDOWS\ndjpz.dat
2004-08-04 00:06 3,063 --sha-w C:\WINDOWS\ndlwy.dat
2004-09-21 09:29 3,063 --sha-w C:\WINDOWS\nfprq.dat
2004-10-25 18:46 11,591 --sha-w C:\WINDOWS\nfzwj.dat
2004-07-31 18:32 3,063 --sha-w C:\WINDOWS\nijbw.dat
2004-08-04 18:10 11,591 --sha-w C:\WINDOWS\njjsq.dat
2004-10-13 14:47 11,591 --sha-w C:\WINDOWS\njlat.dat
2004-08-03 13:28 3,063 --sha-w C:\WINDOWS\nprzv.dat
2004-08-10 20:43 11,591 --sha-w C:\WINDOWS\nqmxq.dat
2004-08-12 02:28 11,591 --sha-w C:\WINDOWS\nrmuh.dat
2004-07-16 07:39 11,591 --sha-w C:\WINDOWS\nuedz.dat
2004-10-02 19:13 3,362 --sha-w C:\WINDOWS\nvwyv.dat
2004-12-29 16:43 3,063 --sha-w C:\WINDOWS\nwrns.dat
2004-07-19 09:37 11,591 --sha-w C:\WINDOWS\nzelh.dat
2004-07-29 00:21 3,063 --sha-w C:\WINDOWS\nzqyq.dat
2004-11-04 13:53 0 -csha-w C:\WINDOWS\n_sdhgps.dat
2004-08-26 05:49 0 --sha-w C:\WINDOWS\n_vrpxfx.dat
2004-11-06 12:19 0 -csha-w C:\WINDOWS\n_xeqiur.dat
2004-08-12 17:05 11,591 --sha-w C:\WINDOWS\obput.dat
2004-08-09 21:27 3,063 --sha-w C:\WINDOWS\oezbw.dat
2005-01-09 09:45 11,591 --sha-w C:\WINDOWS\ogczs.dat
2004-08-08 06:59 11,591 --sha-w C:\WINDOWS\ogdyi.dat
2004-07-20 16:06 3,063 --sha-w C:\WINDOWS\ogxsg.dat
2004-08-05 21:30 11,591 --sha-w C:\WINDOWS\oindw.dat
2004-07-19 20:35 11,591 --sha-w C:\WINDOWS\ojabj.dat
2004-08-05 20:21 11,591 --sha-w C:\WINDOWS\oktfy.dat
2004-08-01 20:34 3,063 --sha-w C:\WINDOWS\oqsmx.dat
2004-08-09 03:50 11,591 --sha-w C:\WINDOWS\orolk.dat
2004-08-02 16:15 11,591 --sha-w C:\WINDOWS\otajm.dat
2005-01-08 12:46 11,591 --sha-w C:\WINDOWS\ouign.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\ovnaz.dat
2004-07-21 03:28 3,063 --sha-w C:\WINDOWS\owcot.dat
2005-01-08 12:46 3,063 --sha-w C:\WINDOWS\owdsp.dat
2004-08-22 01:26 11,591 --sha-w C:\WINDOWS\owkbh.dat
2004-08-09 14:19 11,591 --sha-w C:\WINDOWS\oxmxe.dat
2004-08-08 14:59 11,591 --sha-w C:\WINDOWS\oxzql.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\oztga.dat
2004-08-11 22:46 11,591 --sha-w C:\WINDOWS\pbdpr.dat
2004-09-29 08:35 3,063 --sha-w C:\WINDOWS\piina.dat
2004-10-06 15:51 11,591 --sha-w C:\WINDOWS\pjdlo.dat
2004-08-24 03:09 3,063 --sha-w C:\WINDOWS\pmjnv.dat
2004-08-12 02:00 3,063 --sha-w C:\WINDOWS\pnbgw.dat
2004-08-13 16:54 11,591 --sha-w C:\WINDOWS\pnnbs.dat
2004-12-22 07:04 11,591 --sha-w C:\WINDOWS\pydeu.dat
2004-08-04 15:31 3,063 --sha-w C:\WINDOWS\pzire.dat
2004-08-01 16:34 11,591 --sha-w C:\WINDOWS\pzuea.dat
2004-10-15 14:54 11,591 --sha-w C:\WINDOWS\qagxk.dat
2004-11-05 21:36 3,347 --sha-w C:\WINDOWS\qaypk.dat
2004-08-03 19:11 11,591 --sha-w C:\WINDOWS\qevbx.dat
2004-07-22 18:13 3,063 --sha-w C:\WINDOWS\qjyei.dat
2004-07-30 01:28 11,591 --sha-w C:\WINDOWS\qltcw.dat
2004-10-26 08:37 3,063 --sha-w C:\WINDOWS\qpywd.dat
2004-07-23 12:42 3,063 --sha-w C:\WINDOWS\qvxee.dat
2004-08-30 07:34 11,591 --sha-w C:\WINDOWS\qzqhd.dat
2005-10-21 17:52 11,591 --sha-w C:\WINDOWS\rftnj.dat
2004-09-15 22:43 11,591 --sha-w C:\WINDOWS\rhhrr.dat
2004-08-15 16:52 3,063 --sha-w C:\WINDOWS\rjnbk.dat
2004-08-12 19:58 11,591 --sha-w C:\WINDOWS\rljfo.dat
2004-07-28 16:05 11,591 --sha-w C:\WINDOWS\rsisp.dat
2004-09-08 19:33 3,063 --sha-w C:\WINDOWS\rvrlw.dat
2004-07-20 23:42 3,063 --sha-w C:\WINDOWS\rwypo.dat
2004-09-11 02:50 11,591 --sha-w C:\WINDOWS\rzvze.dat
2004-08-11 21:44 3,063 --sha-w C:\WINDOWS\shqsy.dat
2005-01-16 19:49 3,063 --sha-w C:\WINDOWS\sjlsz.dat
2004-07-23 22:24 11,591 --sha-w C:\WINDOWS\slaig.dat
2004-08-13 05:40 3,063 --sha-w C:\WINDOWS\snjsz.dat
2004-09-05 08:33 11,591 --sha-w C:\WINDOWS\svcaz.dat
2004-08-05 01:58 11,591 --sha-w C:\WINDOWS\szfca.dat
2004-11-24 19:49 3,063 --sha-w C:\WINDOWS\szqvg.dat
2004-07-23 19:28 11,591 --sha-w C:\WINDOWS\takpi.dat
2004-07-24 07:43 3,063 --sha-w C:\WINDOWS\tczen.dat
2004-08-14 17:52 3,063 --sha-w C:\WINDOWS\tonme.dat
2004-10-17 02:45 3,362 --sha-w C:\WINDOWS\ttezl.dat
2004-09-08 23:43 11,591 --sha-w C:\WINDOWS\ttkap.dat
2004-11-16 22:24 11,591 --sha-w C:\WINDOWS\tzffe.dat
2004-07-17 07:37 3,063 --sha-w C:\WINDOWS\uiibd.dat
2004-08-14 23:44 11,591 --sha-w C:\WINDOWS\ukbcr.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\uohgw.dat
2004-11-25 12:19 11,591 --sha-w C:\WINDOWS\uqdiw.dat
2004-10-24 14:54 11,591 --sha-w C:\WINDOWS\uunnf.dat
2004-08-02 07:37 3,063 --sha-w C:\WINDOWS\uwhnv.dat
2004-08-07 23:05 11,591 --sha-w C:\WINDOWS\uynzk.dat
2004-07-13 23:18 3,063 --sha-w C:\WINDOWS\vefou.dat
2004-08-05 07:36 11,591 --sha-w C:\WINDOWS\vjmwl.dat
2004-07-21 02:28 3,063 --sha-w C:\WINDOWS\vjnrv.dat
2004-10-22 10:24 11,591 --sha-w C:\WINDOWS\vjpkn.dat
2004-09-22 13:39 11,591 --sha-w C:\WINDOWS\vlmbx.dat
2004-08-06 00:34 11,591 --sha-w C:\WINDOWS\vymlo.dat
2004-07-22 13:29 3,063 --sha-w C:\WINDOWS\vzctz.dat
2004-07-20 19:35 11,591 --sha-w C:\WINDOWS\wjpge.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\wmyvd.dat
2005-10-15 20:30 3,063 --sha-w C:\WINDOWS\woggi.dat
2004-08-10 10:17 3,063 --sha-w C:\WINDOWS\wpwls.dat
2004-07-18 21:43 11,591 --sha-w C:\WINDOWS\wrsjn.dat
2004-07-14 09:28 11,591 --sha-w C:\WINDOWS\wtdtx.dat
2004-08-05 17:29 11,591 --sha-w C:\WINDOWS\xadjo.dat
2004-07-24 21:21 11,591 --sha-w C:\WINDOWS\xajtt.dat
2004-07-21 20:52 11,591 --sha-w C:\WINDOWS\xckqh.dat
2004-07-27 21:44 3,063 --sha-w C:\WINDOWS\xfaga.dat
2004-08-04 13:49 11,591 --sha-w C:\WINDOWS\xfmpq.dat
2004-11-10 12:16 3,063 --sha-w C:\WINDOWS\xknkd.dat
2004-07-29 14:22 11,591 --sha-w C:\WINDOWS\xmjir.dat
2004-10-13 06:10 3,362 --sha-w C:\WINDOWS\xmzdy.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\xqovx.dat
2004-08-05 01:32 11,591 --sha-w C:\WINDOWS\xuqyo.dat
2004-08-01 19:18 11,591 --sha-w C:\WINDOWS\xvlfl.dat
2004-07-28 21:17 3,063 --sha-w C:\WINDOWS\xwdst.dat
2004-07-18 06:40 11,591 --sha-w C:\WINDOWS\xxgel.dat
2004-08-05 04:33 11,591 --sha-w C:\WINDOWS\xyzqo.dat
2004-07-21 07:53 3,063 --sha-w C:\WINDOWS\ykizd.dat
2004-10-24 04:55 11,591 --sha-w C:\WINDOWS\ytzvb.dat
2004-10-19 10:35 11,591 --sha-w C:\WINDOWS\yznyh.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\yzyhx.dat
2004-10-25 14:06 3,362 --sha-w C:\WINDOWS\yzzba.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\zexiz.dat
2004-07-20 10:13 11,591 --sha-w C:\WINDOWS\zgtgv.dat
2004-07-29 08:29 11,591 --sha-w C:\WINDOWS\zhvlq.dat
2004-08-06 18:41 3,063 --sha-w C:\WINDOWS\zogde.dat
2004-07-20 08:00 3,063 --sha-w C:\WINDOWS\ztdqe.dat
2004-08-04 19:28 3,063 --sha-w C:\WINDOWS\zxznu.dat
2004-09-11 16:35 56,832 --sha-w C:\WINDOWS\SYSTEM32\artoy.dll
2004-08-06 17:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\aycog.dat
2004-08-03 17:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\bbrkw.dat
2004-07-22 07:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\bcefl.dat
2004-08-15 12:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\bjdzk.dat
2004-07-24 20:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\blptf.dat
2004-07-30 08:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\bodau.dat
2004-07-25 10:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\bswam.dat
2004-08-06 16:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\bxyuj.dat
2004-08-02 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\capkn.dat
2004-08-06 16:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\cbefv.dat
2004-08-11 11:22 3,063 --sha-w C:\WINDOWS\SYSTEM32\cemrs.dat
2004-07-29 21:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\cevrv.dat
2004-08-03 05:43 3,063 --sha-w C:\WINDOWS\SYSTEM32\cnyci.dat
2004-07-25 10:44 3,063 --sha-w C:\WINDOWS\SYSTEM32\cqklv.dat
2004-08-06 12:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\czpuf.dat
2004-07-21 03:27 3,063 --sha-w C:\WINDOWS\SYSTEM32\dbteq.dat
2004-10-04 10:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ddeli.dat
2004-07-13 02:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\dibfo.dat
2004-07-22 23:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\dklng.dat
2004-07-30 21:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnrul.dat
2004-07-24 11:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnvhr.dat
2004-07-30 04:29 11,591 --sha-w C:\WINDOWS\SYSTEM32\dtamz.dat
2004-07-28 09:14 11,591 --sha-w C:\WINDOWS\SYSTEM32\dvsnb.dat
2004-08-06 11:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebied.dat
2004-07-18 16:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebkdr.dat
2004-09-13 21:56 3,063 --sha-w C:\WINDOWS\SYSTEM32\ecbfh.dat
2004-07-14 14:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\eczje.dat
2004-07-19 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\edjxl.dat
2004-10-13 20:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\egbev.dat
2004-07-24 16:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\enfko.dat
2004-10-21 04:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\eqwdj.dat
2004-08-06 19:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\fegzd.dat
2004-08-01 02:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ffjcn.dat
2004-08-02 15:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ffvtg.dat
2004-08-10 02:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\fnelk.dat
2004-08-04 05:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\fueav.dat
2004-08-31 20:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\fwawd.dat
2004-08-02 15:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyqgn.dat
2004-08-01 17:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\gbcfr.dat
2004-08-09 17:26 3,063 --sha-w C:\WINDOWS\SYSTEM32\gkkfb.dat
2004-08-10 16:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\gmcxg.dat
2004-08-11 19:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\grtxf.dat
2004-07-15 20:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gtnlk.dat
2004-07-29 14:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gyrfb.dat
2004-07-21 20:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\hdsau.dat
2004-07-30 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\hiawa.dat
2004-07-22 03:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\hjidg.dat
2004-07-19 12:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\hnbdg.dat
2004-08-06 09:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\hpljt.dat
2004-07-30 01:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\hvgbo.dat
2004-07-23 09:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ibzlo.dat
2004-07-15 23:47 11,591 --sha-w C:\WINDOWS\SYSTEM32\ilckq.dat
2004-07-31 13:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\iyeqi.dat
2004-08-04 11:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\jceuy.dat
2004-08-18 18:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\jesmj.dat
2004-07-24 13:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\jeuue.dat
2004-07-25 18:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\jfwty.dat
2004-08-10 19:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\jgpbr.dat
2004-07-25 16:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\jijsu.dat
2004-07-21 10:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\jkiwh.dat
2004-08-02 01:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\jorrt.dat
2004-08-01 23:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\jsfqh.dat
2004-07-23 04:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\jvlzm.dat
2004-07-16 03:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxawo.dat
2004-07-27 07:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxbak.dat
2004-07-13 14:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbeon.dat
2004-07-27 18:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbuzm.dat
2004-07-31 05:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdadr.dat
2004-07-23 03:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\kgxfv.dat
2004-08-09 21:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\kkibi.dat
2004-07-27 23:48 3,063 --sha-w C:\WINDOWS\SYSTEM32\kmpuf.dat
2004-08-13 09:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\knxtq.dat
2004-07-27 14:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\kxwqq.dat
2004-08-02 11:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\lcpus.dat
2004-08-13 17:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\ljjwe.dat
2004-08-03 07:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\lmlwn.dat
2004-08-05 14:37 3,063 --sha-w C:\WINDOWS\SYSTEM32\lvwzp.dat
2004-07-14 02:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\lwsxl.dat
2004-07-30 07:04 430 --sha-w C:\WINDOWS\SYSTEM32\mfcic32.dll
2004-07-27 13:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\mfekj.dat
2004-10-21 18:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\mhlaw.dat
2004-08-01 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\mntmc.dat
2004-07-31 15:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\morbp.dat
2004-08-07 22:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\mrxnp.dat
2004-08-12 16:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\mshcw.dat
2004-07-21 10:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxlcb.dat
2004-08-08 15:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxokx.dat
2004-10-16 12:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\njnmf.dat
2004-10-18 14:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\nlaxa.dat
2004-09-26 01:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\nnvvn.dat
2004-07-19 03:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\nqkcl.dat
2004-07-15 07:58 3,063 --sha-w C:\WINDOWS\SYSTEM32\nvmoj.dat
2004-07-22 15:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\nximf.dat
2004-07-16 08:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\obfsp.dat
2004-07-13 17:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\obqyc.dat
2004-08-03 23:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\ocwol.dat
2004-08-02 00:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\ojigs.dat
2004-08-01 02:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\okutl.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\oqdor.dat
2004-08-11 07:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\payse.dat
2004-07-11 00:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\petdc.dat
2004-07-09 17:13 0 -csha-w C:\WINDOWS\SYSTEM32\pfvqa.dll
2004-07-20 14:20 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgdbn.dat
2004-10-07 05:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgziy.dat
2004-07-25 07:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\phqdl.dat
2004-10-27 07:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\poixd.dat
2004-07-27 20:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\pszct.dat
2004-07-21 05:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\ptpbi.dat
2004-08-09 14:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvrdh.dat
2004-10-12 04:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvuzh.dat
2004-08-20 11:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\qfvhg.dat
2004-07-17 01:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qghsd.dat
2004-08-05 11:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\qhzhh.dat
2004-07-19 15:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\qllrv.dat
2004-07-22 19:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\qmuuh.dat
2004-08-07 03:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\qsntd.dat
2004-09-30 06:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\qsovv.dat
2004-09-23 19:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qujur.dat
2004-07-15 13:18 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvaod.dat
2004-08-05 14:29 3,063 --sha-w C:\WINDOWS\SYSTEM32\qwlas.dat
2004-09-22 02:56 0 -csha-w C:\WINDOWS\SYSTEM32\qxphf.dll
2004-08-09 07:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\rafbx.dat
2004-10-07 05:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\rbsiq.dat
2004-08-23 19:04 11,591 --sha-w C:\WINDOWS\SYSTEM32\rdlxt.dat
2004-09-08 15:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\rfmtd.dat
2004-09-30 13:52 0 -csha-w C:\WINDOWS\SYSTEM32\rownh.dll
2004-07-22 04:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\rqinq.dat
2004-07-18 16:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\rurag.dat
2004-08-07 07:10 0 -csha-w C:\WINDOWS\SYSTEM32\rvgoz.dat
2004-08-04 13:07 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxjgc.dat
2004-07-29 02:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\rzeey.dat
2004-07-13 13:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\scpak.dat
2004-07-25 17:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdbwv.dat
2004-07-29 07:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdcgr.dat
2004-08-05 15:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\snxef.dat
2004-07-30 12:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\sobhe.dat
2004-07-21 11:34 3,063 --sha-w C:\WINDOWS\SYSTEM32\soogr.dat
2004-07-14 09:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\sxblt.dat
2004-08-06 19:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\syxfz.dat
2004-07-17 13:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\tbuvk.dat
2004-07-22 05:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\thbdw.dat
2004-10-27 17:59 11,591 --sha-w C:\WINDOWS\SYSTEM32\thlwb.dat
2004-07-30 05:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\tjeru.dat
2004-08-02 01:03 3,063 --sha-w C:\WINDOWS\SYSTEM32\totuq.dat
2004-07-29 10:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\tvdhe.dat
2004-07-14 22:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\tygej.dat
2004-07-19 21:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\udhls.dat
2004-08-13 15:00 3,063 --sha-w C:\WINDOWS\SYSTEM32\uiulx.dat
2004-07-27 11:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcsbs.dat
2004-07-20 19:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\vdisz.dat
2004-07-17 04:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\veriw.dat
2004-10-28 14:00 11,591 --sha-w C:\WINDOWS\SYSTEM32\vhyao.dat
2004-08-14 16:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\viout.dat
2004-07-30 13:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\vipaa.dat
2004-07-13 18:43 0 -csha-w C:\WINDOWS\SYSTEM32\vkars.dll
2004-07-16 23:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\vkrfz.dat
2004-07-16 06:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\vkspx.dat
2004-08-07 01:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\vnbmi.dat
2004-09-30 17:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\vrlbr.dat
2005-01-16 18:51 0 -csha-w C:\WINDOWS\SYSTEM32\vsnne.dll
2004-08-07 08:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\vytvg.dat
2004-07-21 00:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\wdtwy.dat
2004-09-14 06:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\wfkqw.dat
2004-07-21 16:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wmeiw.dat
2004-07-13 18:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\wplos.dat
2004-07-22 10:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\wpvtn.dat
2004-07-21 01:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\wqgnf.dat
2004-10-16 04:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\wvkme.dat
2004-07-29 15:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\wyluv.dat
2004-08-09 21:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\xaruh.dat
2004-07-23 23:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xswhq.dat
2004-07-26 10:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\xvfdf.dat
2004-08-06 00:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\xwslt.dat
2004-11-16 14:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\xyjrl.dat
2004-07-26 06:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\yfode.dat
2004-08-09 16:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\yhikc.dat
2004-07-26 23:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynhpr.dat
2004-08-11 15:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\yqbmr.dat
2004-10-12 15:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\yrsli.dat
2004-11-04 13:51 0 -csha-w C:\WINDOWS\SYSTEM32\ywfgj.dll
2004-08-13 09:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\yzhky.dat
2004-08-07 21:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhggo.dat
2004-10-31 18:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\zlfvi.dat
2004-08-11 21:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\znrdw.dat
2004-07-24 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\zpbrk.dat
2004-07-27 10:52 11,591 --sha-w C:\WINDOWS\SYSTEM32\zspjc.dat
2004-08-28 08:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyomv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-08 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-08 151597]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
S3 PentaxUsb;PENTAX Optio E10 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 PentaxVc;PENTAX Optio E10 Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-2131743181 - D:\UReg\Pentax_Win_GM_10042005.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kristin Faith\Application Data\Mozilla\Firefox\Profiles\v68ettuz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 17:15:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????x??????????????w????????????j??w????x???x??????????????

scanning hidden files ...

C:\WINDOWS\zexiz.dat:spsyt 56832 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-29 17:18:30
ComboFix-quarantined-files.txt 2008-10-29 22:18:22

Pre-Run: 32,372,797,440 bytes free
Post-Run: 32,358,969,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

738 --- E O F --- 2008-10-29 10:52:50

ken545 · Oct 29, 2008

Hi,

You have an infection on this system that has not been around for awhile so I can believe you have not had this computer online. I had to search for the tool to remove this as it is not used to much anymore so my instructions may be a bit different . Just download the tool to your desktop, boot to safemode and run it.

Download CWShredder to your desktop.

Open CWShredder
Check for Updates
Close out the program. <-- Dont run it yet

Boot your computer into Safemode
- Go to Start> Shut Off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
- This will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to SAFEMODE
- Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode

Open CWShredder
Double-click on CWShredder.exe.
Click Fix and click OK at the prompt.
CWShredder will scan and clean your system of CWS files.
Click Next and then Exit .

Reboot normally.

This program should produce a log, post it please

not2brightblonde · Oct 30, 2008

Okay, when I checked for updates it said "could not check for updates"
So I ran it and heres the log.
It did say at the end that it removed- cws homesearch,
I so appreciate you helping me!

**** Run Keys ****

RUN: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
RUN: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RUN: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
RUN: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
RUN: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
RUN: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [AVG Safe Search] C:\Program Files\AVG\AVG8\avgssie.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [Java(tm) Plug-In SSV Helper] C:\Program Files\Java\jre6\bin\ssv.dll
BHO: [Java(tm) Plug-In 2 SSV Helper] C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: [JQSIEStartDetectorImpl Class] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

**** IE Toolbars ****

TOOLBAR: []

**** IE Extensions ****

IEExt: []
IEExt: [Real.com]
IEExt: [Real.com]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe

**** Hosts File Entries ****

**** IE Settings ****

Default Page: http://go.microsoft.com/fwlink/?LinkId=69157
Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**** IE Context Menu (Right click) ****

**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F3162BA-20E3-41BE-95FD-1835E937ACD9}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F3162BA-20E3-41BE-95FD-1835E937ACD9}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71BE967A-7457-46D1-A4C4-6DC41117DDAA}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71BE967A-7457-46D1-A4C4-6DC41117DDAA}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89DF9ED9-876F-42C2-BB50-BFFED77E83D5}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89DF9ED9-876F-42C2-BB50-BFFED77E83D5}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}] DATAGRAM 4

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab]
{72770C4F-967D-4517-982B-92D6B9015649} [http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0] C:\WINDOWS\Downloaded Program Files\DigWebX.dll
{89D75D39-5531-47BA-9E4F-B346BA9C362C} [http://www.callwave.com/include/cab/CWDL_DownLoad.CAB]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab]
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab]

**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avg8emc] C:\PROGRA~1\AVG\AVG8\avgemc.exe
[avg8wd] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\fxssvc.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[ImapiService] %systemroot%\system32\imapi.exe
[JavaQuickStarterService] "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] %systemroot%\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetSvc] C:\Program Files\Intel\NCS\Sync\NetSvc.exe
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[w32time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.msn.com/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Use Search Asst] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Use FormSuggest] no
IEOPT: [AutoSearch]
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.msn.com/
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use Search Asst] no
IEOPT: [CustomizeSearch] no
IEOPT: [IEWatsonEnabled]
IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896

ken545 · Oct 30, 2008

Hi,

What I would like you to do is to drag Combofix to the trash and grab a fresh copy as its updated on a regular basis and run it again, post both the NEW Combofix log and a NEW hijackthis log

Download Combofix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

not2brightblonde · Oct 30, 2008

Here are the 2 logs-

ComboFix 08-10-30.04 - Kristin Faith 2008-10-29 22:05:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.371 [GMT -5:00]
Running from: C:\Documents and Settings\Kristin Faith\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-22 16:28 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-29 13:17 . 2008-10-22 16:28 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-29 11:27 . 2008-10-29 11:27 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\AdobeUM
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 10:11 . 2008-10-29 10:11 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\ACD Systems
2008-10-29 10:02 . 2008-10-29 10:54 <DIR> d-------- C:\Program Files\Optio E10 Digital Camera
2008-10-29 10:02 . 2004-07-12 10:48 16,896 --a------ C:\WINDOWS\SYSTEM32\CoachDlg.dll
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-29 10:00 . 2008-10-29 10:00 9,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-29 08:47 . 2008-10-29 09:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-28 23:09 . 2008-10-28 23:15 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-28 23:08 . 2008-10-28 23:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-28 22:57 . 2008-10-28 22:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 22:54 . 2008-08-14 05:00 2,180,352 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-28 22:54 . 2008-08-14 04:58 2,136,064 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,057,728 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,015,744 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-28 22:39 . 2008-09-15 06:57 1,846,016 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-28 22:15 . 2008-08-28 05:04 333,056 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-28 22:09 . 2008-04-11 13:50 683,520 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-28 21:47 . 2008-05-08 07:28 202,752 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-10-28 21:12 . 2008-10-28 21:12 <DIR> d-------- C:\Program Files\CCleaner
2008-10-28 14:40 . 2008-10-28 14:41 432 --a------ C:\WINDOWS\wininit.ini
2008-10-28 13:19 . 2008-10-28 13:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-28 13:19 . 2008-10-28 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 05:29 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-10-27 21:26 . 2008-08-14 04:51 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-10-27 20:51 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-10-27 14:31 . 2008-10-27 14:31 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-10-27 14:31 . 2008-10-27 14:31 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-27 05:59 . 2008-10-15 11:57 332,800 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-27 05:23 . 2008-10-28 10:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-27 05:10 . 2008-10-27 05:10 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-27 05:10 . 2008-10-27 05:10 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-27 05:09 . 2008-10-29 09:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Program Files\AVG
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 05:09 . 2008-10-27 05:09 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-26 22:34 . 2008-10-26 22:35 6 --a------ C:\WINDOWS\msoffice.ini
2008-10-26 20:11 . 2001-08-17 22:36 171,008 --a------ C:\WINDOWS\SYSTEM32\LXADSUI.DLL
2008-10-01 09:51 . 2008-10-01 09:51 3,063 --ahs---- C:\WINDOWS\sthcl.dat
2008-09-01 06:51 . 2008-09-01 06:51 116,384 --a------ C:\WINDOWS\submit2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 04:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 19:42 --------- d-----w C:\Program Files\eZula
2008-10-27 19:31 --------- d-----w C:\Program Files\Java
2008-10-27 14:30 --------- d-----w C:\Program Files\SBITPlugin
2008-10-27 14:02 --------- d-----w C:\Documents and Settings\Kristin Faith\Application Data\sysjt
2008-10-27 10:44 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-27 10:41 --------- d-----w C:\Program Files\Toolbar
2008-10-27 03:37 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-27 03:35 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-27 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 09:30 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\twain_32.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2004-06-09 23:21 110,592 ----a-w C:\Program Files\Common Files\submit2.exe
2004-08-15 18:43 11,591 --sha-w C:\WINDOWS\acpbr.dat
2004-08-01 02:07 3,063 --sha-w C:\WINDOWS\adxbd.dat
2004-08-06 02:31 3,063 --sha-w C:\WINDOWS\aeyxd.dat
2004-07-25 19:38 11,591 --sha-w C:\WINDOWS\afkuk.dat
2004-08-08 12:40 3,063 --sha-w C:\WINDOWS\atpqn.dat
2005-01-22 02:19 11,592 --sha-w C:\WINDOWS\axnca.dat
2004-08-03 12:03 3,063 --sha-w C:\WINDOWS\betdd.dat
2004-09-03 12:34 11,591 --sha-w C:\WINDOWS\bluhe.dat
2004-07-19 01:23 3,063 --sha-w C:\WINDOWS\bmusf.dat
2004-08-01 21:43 11,591 --sha-w C:\WINDOWS\bofpj.dat
2004-08-22 01:07 11,591 --sha-w C:\WINDOWS\bpjka.dat
2004-08-06 18:07 3,063 --sha-w C:\WINDOWS\btffy.dat
2004-07-31 23:51 3,063 --sha-w C:\WINDOWS\bvoqs.dat
2004-07-14 12:57 3,063 --sha-w C:\WINDOWS\bwivf.dat
2004-07-23 14:19 3,063 --sha-w C:\WINDOWS\bwrcz.dat
2004-07-15 22:02 11,591 --sha-w C:\WINDOWS\cbbjj.dat
2004-07-30 05:46 3,063 --sha-w C:\WINDOWS\cevvj.dat
2004-07-25 05:11 3,063 --sha-w C:\WINDOWS\cgsbj.dat
2004-12-03 03:28 11,591 --sha-w C:\WINDOWS\cshqp.dat
2004-07-17 06:36 11,591 --sha-w C:\WINDOWS\csklt.dat
2004-07-21 10:34 3,063 --sha-w C:\WINDOWS\cstlr.dat
2004-09-06 20:45 11,591 --sha-w C:\WINDOWS\dmjbs.dat
2004-08-10 21:01 3,063 --sha-w C:\WINDOWS\dogsl.dat
2004-07-28 09:44 11,591 --sha-w C:\WINDOWS\dtipq.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\dvuwo.dat
2004-08-01 22:09 11,591 --sha-w C:\WINDOWS\ebpzk.dat
2004-11-02 19:18 11,591 --sha-w C:\WINDOWS\ecbro.dat
2004-07-28 22:34 3,063 --sha-w C:\WINDOWS\edqxj.dat
2004-07-15 04:39 3,063 --sha-w C:\WINDOWS\eejqq.dat
2004-08-05 05:50 11,591 --sha-w C:\WINDOWS\efmvf.dat
2004-07-27 06:19 11,591 --sha-w C:\WINDOWS\ejaoo.dat
2004-07-19 10:34 3,063 --sha-w C:\WINDOWS\esdlm.dat
2004-07-24 06:32 11,591 --sha-w C:\WINDOWS\etfvy.dat
2004-07-26 20:09 3,063 --sha-w C:\WINDOWS\eyjlt.dat
2004-07-28 21:24 11,591 --sha-w C:\WINDOWS\fgwht.dat
2004-07-29 17:48 11,591 --sha-w C:\WINDOWS\fhdsq.dat
2004-07-27 07:45 3,063 --sha-w C:\WINDOWS\fjuhl.dat
2004-08-07 14:47 11,591 --sha-w C:\WINDOWS\fkdpv.dat
2004-08-11 12:15 11,591 --sha-w C:\WINDOWS\fqrcj.dat
2004-10-25 00:35 0 --sha-w C:\WINDOWS\gczvs.dll
2004-07-28 12:25 3,063 --sha-w C:\WINDOWS\gejdf.dat
2004-08-04 19:41 11,591 --sha-w C:\WINDOWS\ggfba.dat
2004-08-08 15:12 3,063 --sha-w C:\WINDOWS\ghopi.dat
2004-07-28 15:08 11,591 --sha-w C:\WINDOWS\gmdxz.dat
2004-08-01 18:53 3,063 --sha-w C:\WINDOWS\gqeem.dat
2004-08-05 09:50 3,063 --sha-w C:\WINDOWS\grtwx.dat
2004-07-27 21:12 11,591 --sha-w C:\WINDOWS\gvkry.dat
2004-07-23 19:49 11,591 --sha-w C:\WINDOWS\gvvfr.dat
2005-01-12 21:00 3,347 --sha-w C:\WINDOWS\gwbnr.dat
2004-08-11 09:09 3,063 --sha-w C:\WINDOWS\gzedw.dat
2004-09-08 05:42 11,591 --sha-w C:\WINDOWS\heaky.dat
2004-07-30 23:41 11,591 --sha-w C:\WINDOWS\hutbs.dat
2004-11-06 14:46 11,591 --sha-w C:\WINDOWS\hutxg.dat
2004-07-29 02:26 11,591 --sha-w C:\WINDOWS\hvhpb.dat
2004-12-30 16:24 3,063 --sha-w C:\WINDOWS\isppn.dat
2004-09-29 03:16 3,063 --sha-w C:\WINDOWS\jaacl.dat
2004-08-07 04:49 11,591 --sha-w C:\WINDOWS\jaiyq.dat
2004-07-30 16:38 3,063 --sha-w C:\WINDOWS\jjgbn.dat
2004-08-18 12:53 3,063 --sha-w C:\WINDOWS\jlgsc.dat
2004-07-29 22:53 3,063 --sha-w C:\WINDOWS\jmuvj.dat
2004-08-06 00:42 3,063 --sha-w C:\WINDOWS\jokdo.dat
2004-10-04 04:50 3,063 --sha-w C:\WINDOWS\jsums.dat
2004-11-24 19:02 11,591 --sha-w C:\WINDOWS\jwwje.dat
2004-08-05 01:51 11,591 --sha-w C:\WINDOWS\kdvzk.dat
2004-07-20 08:29 11,591 --sha-w C:\WINDOWS\kesui.dat
2004-08-07 02:22 3,063 --sha-w C:\WINDOWS\krwfj.dat
2004-07-31 14:32 3,063 --sha-w C:\WINDOWS\kveyt.dat
2004-08-01 10:52 3,063 --sha-w C:\WINDOWS\kvxih.dat
2004-08-11 21:03 3,063 --sha-w C:\WINDOWS\kvxwm.dat
2004-08-08 18:08 11,591 --sha-w C:\WINDOWS\kwtgd.dat
2004-10-03 21:12 3,063 --sha-w C:\WINDOWS\lfeeg.dat
2004-07-21 09:25 11,591 --sha-w C:\WINDOWS\lpzpb.dat
2004-07-21 17:18 11,591 --sha-w C:\WINDOWS\lyejt.dat
2004-10-24 17:41 11,591 --sha-w C:\WINDOWS\lynal.dat
2004-09-29 07:19 11,591 --sha-w C:\WINDOWS\lynsq.dat
2004-08-09 22:55 11,591 --sha-w C:\WINDOWS\mazsx.dat
2004-08-05 09:43 3,063 --sha-w C:\WINDOWS\misie.dat
2004-09-10 18:58 11,591 --sha-w C:\WINDOWS\mpsgr.dat
2004-08-02 15:40 3,063 --sha-w C:\WINDOWS\myeuc.dat
2004-07-28 05:42 11,591 --sha-w C:\WINDOWS\ndbjk.dat
2004-07-20 05:01 2,569 --sha-w C:\WINDOWS\ndfwo.dat
2004-09-22 10:12 3,063 --sha-w C:\WINDOWS\ndjpz.dat
2004-08-04 00:06 3,063 --sha-w C:\WINDOWS\ndlwy.dat
2004-09-21 09:29 3,063 --sha-w C:\WINDOWS\nfprq.dat
2004-10-25 18:46 11,591 --sha-w C:\WINDOWS\nfzwj.dat
2004-07-31 18:32 3,063 --sha-w C:\WINDOWS\nijbw.dat
2004-08-04 18:10 11,591 --sha-w C:\WINDOWS\njjsq.dat
2004-10-13 14:47 11,591 --sha-w C:\WINDOWS\njlat.dat
2004-08-03 13:28 3,063 --sha-w C:\WINDOWS\nprzv.dat
2004-08-10 20:43 11,591 --sha-w C:\WINDOWS\nqmxq.dat
2004-08-12 02:28 11,591 --sha-w C:\WINDOWS\nrmuh.dat
2004-07-16 07:39 11,591 --sha-w C:\WINDOWS\nuedz.dat
2004-10-02 19:13 3,362 --sha-w C:\WINDOWS\nvwyv.dat
2004-12-29 16:43 3,063 --sha-w C:\WINDOWS\nwrns.dat
2004-07-19 09:37 11,591 --sha-w C:\WINDOWS\nzelh.dat
2004-07-29 00:21 3,063 --sha-w C:\WINDOWS\nzqyq.dat
2004-11-04 13:53 0 -csha-w C:\WINDOWS\n_sdhgps.dat
2004-08-26 05:49 0 --sha-w C:\WINDOWS\n_vrpxfx.dat
2004-11-06 12:19 0 -csha-w C:\WINDOWS\n_xeqiur.dat
2004-08-12 17:05 11,591 --sha-w C:\WINDOWS\obput.dat
2004-08-09 21:27 3,063 --sha-w C:\WINDOWS\oezbw.dat
2005-01-09 09:45 11,591 --sha-w C:\WINDOWS\ogczs.dat
2004-08-08 06:59 11,591 --sha-w C:\WINDOWS\ogdyi.dat
2004-07-20 16:06 3,063 --sha-w C:\WINDOWS\ogxsg.dat
2004-08-05 21:30 11,591 --sha-w C:\WINDOWS\oindw.dat
2004-07-19 20:35 11,591 --sha-w C:\WINDOWS\ojabj.dat
2004-08-05 20:21 11,591 --sha-w C:\WINDOWS\oktfy.dat
2004-08-01 20:34 3,063 --sha-w C:\WINDOWS\oqsmx.dat
2004-08-09 03:50 11,591 --sha-w C:\WINDOWS\orolk.dat
2004-08-02 16:15 11,591 --sha-w C:\WINDOWS\otajm.dat
2005-01-08 12:46 11,591 --sha-w C:\WINDOWS\ouign.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\ovnaz.dat
2004-07-21 03:28 3,063 --sha-w C:\WINDOWS\owcot.dat
2005-01-08 12:46 3,063 --sha-w C:\WINDOWS\owdsp.dat
2004-08-22 01:26 11,591 --sha-w C:\WINDOWS\owkbh.dat
2004-08-09 14:19 11,591 --sha-w C:\WINDOWS\oxmxe.dat
2004-08-08 14:59 11,591 --sha-w C:\WINDOWS\oxzql.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\oztga.dat
2004-08-11 22:46 11,591 --sha-w C:\WINDOWS\pbdpr.dat
2004-09-29 08:35 3,063 --sha-w C:\WINDOWS\piina.dat
2004-10-06 15:51 11,591 --sha-w C:\WINDOWS\pjdlo.dat
2004-08-24 03:09 3,063 --sha-w C:\WINDOWS\pmjnv.dat
2004-08-12 02:00 3,063 --sha-w C:\WINDOWS\pnbgw.dat
2004-08-13 16:54 11,591 --sha-w C:\WINDOWS\pnnbs.dat
2004-12-22 07:04 11,591 --sha-w C:\WINDOWS\pydeu.dat
2004-08-04 15:31 3,063 --sha-w C:\WINDOWS\pzire.dat
2004-08-01 16:34 11,591 --sha-w C:\WINDOWS\pzuea.dat
2004-10-15 14:54 11,591 --sha-w C:\WINDOWS\qagxk.dat
2004-11-05 21:36 3,347 --sha-w C:\WINDOWS\qaypk.dat
2004-08-03 19:11 11,591 --sha-w C:\WINDOWS\qevbx.dat
2004-07-22 18:13 3,063 --sha-w C:\WINDOWS\qjyei.dat
2004-07-30 01:28 11,591 --sha-w C:\WINDOWS\qltcw.dat
2004-10-26 08:37 3,063 --sha-w C:\WINDOWS\qpywd.dat
2004-07-23 12:42 3,063 --sha-w C:\WINDOWS\qvxee.dat
2004-08-30 07:34 11,591 --sha-w C:\WINDOWS\qzqhd.dat
2005-10-21 17:52 11,591 --sha-w C:\WINDOWS\rftnj.dat
2004-09-15 22:43 11,591 --sha-w C:\WINDOWS\rhhrr.dat
2004-08-15 16:52 3,063 --sha-w C:\WINDOWS\rjnbk.dat
2004-08-12 19:58 11,591 --sha-w C:\WINDOWS\rljfo.dat
2004-07-28 16:05 11,591 --sha-w C:\WINDOWS\rsisp.dat
2004-09-08 19:33 3,063 --sha-w C:\WINDOWS\rvrlw.dat
2004-07-20 23:42 3,063 --sha-w C:\WINDOWS\rwypo.dat
2004-09-11 02:50 11,591 --sha-w C:\WINDOWS\rzvze.dat
2004-08-11 21:44 3,063 --sha-w C:\WINDOWS\shqsy.dat
2005-01-16 19:49 3,063 --sha-w C:\WINDOWS\sjlsz.dat
2004-07-23 22:24 11,591 --sha-w C:\WINDOWS\slaig.dat
2004-08-13 05:40 3,063 --sha-w C:\WINDOWS\snjsz.dat
2004-09-05 08:33 11,591 --sha-w C:\WINDOWS\svcaz.dat
2004-08-05 01:58 11,591 --sha-w C:\WINDOWS\szfca.dat
2004-11-24 19:49 3,063 --sha-w C:\WINDOWS\szqvg.dat
2004-07-23 19:28 11,591 --sha-w C:\WINDOWS\takpi.dat
2004-07-24 07:43 3,063 --sha-w C:\WINDOWS\tczen.dat
2004-08-14 17:52 3,063 --sha-w C:\WINDOWS\tonme.dat
2004-10-17 02:45 3,362 --sha-w C:\WINDOWS\ttezl.dat
2004-09-08 23:43 11,591 --sha-w C:\WINDOWS\ttkap.dat
2004-11-16 22:24 11,591 --sha-w C:\WINDOWS\tzffe.dat
2004-07-17 07:37 3,063 --sha-w C:\WINDOWS\uiibd.dat
2004-08-14 23:44 11,591 --sha-w C:\WINDOWS\ukbcr.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\uohgw.dat
2004-11-25 12:19 11,591 --sha-w C:\WINDOWS\uqdiw.dat
2004-10-24 14:54 11,591 --sha-w C:\WINDOWS\uunnf.dat
2004-08-02 07:37 3,063 --sha-w C:\WINDOWS\uwhnv.dat
2004-08-07 23:05 11,591 --sha-w C:\WINDOWS\uynzk.dat
2004-07-13 23:18 3,063 --sha-w C:\WINDOWS\vefou.dat
2004-08-05 07:36 11,591 --sha-w C:\WINDOWS\vjmwl.dat
2004-07-21 02:28 3,063 --sha-w C:\WINDOWS\vjnrv.dat
2004-10-22 10:24 11,591 --sha-w C:\WINDOWS\vjpkn.dat
2004-09-22 13:39 11,591 --sha-w C:\WINDOWS\vlmbx.dat
2004-08-06 00:34 11,591 --sha-w C:\WINDOWS\vymlo.dat
2004-07-22 13:29 3,063 --sha-w C:\WINDOWS\vzctz.dat
2004-07-20 19:35 11,591 --sha-w C:\WINDOWS\wjpge.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\wmyvd.dat
2005-10-15 20:30 3,063 --sha-w C:\WINDOWS\woggi.dat
2004-08-10 10:17 3,063 --sha-w C:\WINDOWS\wpwls.dat
2004-07-18 21:43 11,591 --sha-w C:\WINDOWS\wrsjn.dat
2004-07-14 09:28 11,591 --sha-w C:\WINDOWS\wtdtx.dat
2004-08-05 17:29 11,591 --sha-w C:\WINDOWS\xadjo.dat
2004-07-24 21:21 11,591 --sha-w C:\WINDOWS\xajtt.dat
2004-07-21 20:52 11,591 --sha-w C:\WINDOWS\xckqh.dat
2004-07-27 21:44 3,063 --sha-w C:\WINDOWS\xfaga.dat
2004-08-04 13:49 11,591 --sha-w C:\WINDOWS\xfmpq.dat
2004-11-10 12:16 3,063 --sha-w C:\WINDOWS\xknkd.dat
2004-07-29 14:22 11,591 --sha-w C:\WINDOWS\xmjir.dat
2004-10-13 06:10 3,362 --sha-w C:\WINDOWS\xmzdy.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\xqovx.dat
2004-08-05 01:32 11,591 --sha-w C:\WINDOWS\xuqyo.dat
2004-08-01 19:18 11,591 --sha-w C:\WINDOWS\xvlfl.dat
2004-07-28 21:17 3,063 --sha-w C:\WINDOWS\xwdst.dat
2004-07-18 06:40 11,591 --sha-w C:\WINDOWS\xxgel.dat
2004-08-05 04:33 11,591 --sha-w C:\WINDOWS\xyzqo.dat
2004-07-21 07:53 3,063 --sha-w C:\WINDOWS\ykizd.dat
2004-10-24 04:55 11,591 --sha-w C:\WINDOWS\ytzvb.dat
2004-10-19 10:35 11,591 --sha-w C:\WINDOWS\yznyh.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\yzyhx.dat
2004-10-25 14:06 3,362 --sha-w C:\WINDOWS\yzzba.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\zexiz.dat
2004-07-20 10:13 11,591 --sha-w C:\WINDOWS\zgtgv.dat
2004-07-29 08:29 11,591 --sha-w C:\WINDOWS\zhvlq.dat
2004-08-06 18:41 3,063 --sha-w C:\WINDOWS\zogde.dat
2004-07-20 08:00 3,063 --sha-w C:\WINDOWS\ztdqe.dat
2004-08-04 19:28 3,063 --sha-w C:\WINDOWS\zxznu.dat
2004-09-11 16:35 56,832 --sha-w C:\WINDOWS\SYSTEM32\artoy.dll
2004-08-06 17:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\aycog.dat
2004-08-03 17:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\bbrkw.dat
2004-07-22 07:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\bcefl.dat
2004-08-15 12:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\bjdzk.dat
2004-07-24 20:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\blptf.dat
2004-07-30 08:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\bodau.dat
2004-07-25 10:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\bswam.dat
2004-08-06 16:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\bxyuj.dat
2004-08-02 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\capkn.dat
2004-08-06 16:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\cbefv.dat
2004-08-11 11:22 3,063 --sha-w C:\WINDOWS\SYSTEM32\cemrs.dat
2004-07-29 21:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\cevrv.dat
2004-08-03 05:43 3,063 --sha-w C:\WINDOWS\SYSTEM32\cnyci.dat
2004-07-25 10:44 3,063 --sha-w C:\WINDOWS\SYSTEM32\cqklv.dat
2004-08-06 12:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\czpuf.dat
2004-07-21 03:27 3,063 --sha-w C:\WINDOWS\SYSTEM32\dbteq.dat
2004-10-04 10:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ddeli.dat
2004-07-13 02:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\dibfo.dat
2004-07-22 23:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\dklng.dat
2004-07-30 21:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnrul.dat
2004-07-24 11:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnvhr.dat
2004-07-30 04:29 11,591 --sha-w C:\WINDOWS\SYSTEM32\dtamz.dat
2004-07-28 09:14 11,591 --sha-w C:\WINDOWS\SYSTEM32\dvsnb.dat
2004-08-06 11:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebied.dat
2004-07-18 16:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebkdr.dat
2004-09-13 21:56 3,063 --sha-w C:\WINDOWS\SYSTEM32\ecbfh.dat
2004-07-14 14:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\eczje.dat
2004-07-19 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\edjxl.dat
2004-10-13 20:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\egbev.dat
2004-07-24 16:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\enfko.dat
2004-10-21 04:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\eqwdj.dat
2004-08-06 19:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\fegzd.dat
2004-08-01 02:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ffjcn.dat
2004-08-02 15:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ffvtg.dat
2004-08-10 02:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\fnelk.dat
2004-08-04 05:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\fueav.dat
2004-08-31 20:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\fwawd.dat
2004-08-02 15:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyqgn.dat
2004-08-01 17:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\gbcfr.dat
2004-08-09 17:26 3,063 --sha-w C:\WINDOWS\SYSTEM32\gkkfb.dat
2004-08-10 16:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\gmcxg.dat
2004-08-11 19:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\grtxf.dat
2004-07-15 20:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gtnlk.dat
2004-07-29 14:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gyrfb.dat
2004-07-21 20:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\hdsau.dat
2004-07-30 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\hiawa.dat
2004-07-22 03:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\hjidg.dat
2004-07-19 12:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\hnbdg.dat
2004-08-06 09:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\hpljt.dat
2004-07-30 01:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\hvgbo.dat
2004-07-23 09:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ibzlo.dat
2004-07-15 23:47 11,591 --sha-w C:\WINDOWS\SYSTEM32\ilckq.dat
2004-07-31 13:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\iyeqi.dat
2004-08-04 11:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\jceuy.dat
2004-08-18 18:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\jesmj.dat
2004-07-24 13:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\jeuue.dat
2004-07-25 18:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\jfwty.dat
2004-08-10 19:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\jgpbr.dat
2004-07-25 16:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\jijsu.dat
2004-07-21 10:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\jkiwh.dat
2004-08-02 01:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\jorrt.dat
2004-08-01 23:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\jsfqh.dat
2004-07-23 04:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\jvlzm.dat
2004-07-16 03:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxawo.dat
2004-07-27 07:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxbak.dat
2004-07-13 14:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbeon.dat
2004-07-27 18:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbuzm.dat
2004-07-31 05:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdadr.dat
2004-07-23 03:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\kgxfv.dat
2004-08-09 21:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\kkibi.dat
2004-07-27 23:48 3,063 --sha-w C:\WINDOWS\SYSTEM32\kmpuf.dat
2004-08-13 09:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\knxtq.dat
2004-07-27 14:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\kxwqq.dat
2004-08-02 11:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\lcpus.dat
2004-08-13 17:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\ljjwe.dat
2004-08-03 07:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\lmlwn.dat
2004-08-05 14:37 3,063 --sha-w C:\WINDOWS\SYSTEM32\lvwzp.dat
2004-07-14 02:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\lwsxl.dat
2004-07-30 07:04 430 --sha-w C:\WINDOWS\SYSTEM32\mfcic32.dll
2004-07-27 13:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\mfekj.dat
2004-10-21 18:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\mhlaw.dat
2004-08-01 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\mntmc.dat
2004-07-31 15:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\morbp.dat
2004-08-07 22:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\mrxnp.dat
2004-08-12 16:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\mshcw.dat
2004-07-21 10:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxlcb.dat
2004-08-08 15:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxokx.dat
2004-10-16 12:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\njnmf.dat
2004-10-18 14:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\nlaxa.dat
2004-09-26 01:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\nnvvn.dat
2004-07-19 03:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\nqkcl.dat
2004-07-15 07:58 3,063 --sha-w C:\WINDOWS\SYSTEM32\nvmoj.dat
2004-07-22 15:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\nximf.dat
2004-07-16 08:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\obfsp.dat
2004-07-13 17:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\obqyc.dat
2004-08-03 23:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\ocwol.dat
2004-08-02 00:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\ojigs.dat
2004-08-01 02:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\okutl.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\oqdor.dat
2004-08-11 07:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\payse.dat
2004-07-11 00:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\petdc.dat
2004-07-09 17:13 0 -csha-w C:\WINDOWS\SYSTEM32\pfvqa.dll
2004-07-20 14:20 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgdbn.dat
2004-10-07 05:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgziy.dat
2004-07-25 07:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\phqdl.dat
2004-10-27 07:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\poixd.dat
2004-07-27 20:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\pszct.dat
2004-07-21 05:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\ptpbi.dat
2004-08-09 14:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvrdh.dat
2004-10-12 04:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvuzh.dat
2004-08-20 11:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\qfvhg.dat
2004-07-17 01:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qghsd.dat
2004-08-05 11:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\qhzhh.dat
2004-07-19 15:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\qllrv.dat
2004-07-22 19:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\qmuuh.dat
2004-08-07 03:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\qsntd.dat
2004-09-30 06:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\qsovv.dat
2004-09-23 19:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qujur.dat
2004-07-15 13:18 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvaod.dat
2004-08-05 14:29 3,063 --sha-w C:\WINDOWS\SYSTEM32\qwlas.dat
2004-09-22 02:56 0 -csha-w C:\WINDOWS\SYSTEM32\qxphf.dll
2004-08-09 07:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\rafbx.dat
2004-10-07 05:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\rbsiq.dat
2004-08-23 19:04 11,591 --sha-w C:\WINDOWS\SYSTEM32\rdlxt.dat
2004-09-08 15:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\rfmtd.dat
2004-09-30 13:52 0 -csha-w C:\WINDOWS\SYSTEM32\rownh.dll
2004-07-22 04:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\rqinq.dat
2004-07-18 16:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\rurag.dat
2004-08-07 07:10 0 -csha-w C:\WINDOWS\SYSTEM32\rvgoz.dat
2004-08-04 13:07 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxjgc.dat
2004-07-29 02:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\rzeey.dat
2004-07-13 13:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\scpak.dat
2004-07-25 17:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdbwv.dat
2004-07-29 07:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdcgr.dat
2004-08-05 15:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\snxef.dat
2004-07-30 12:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\sobhe.dat
2004-07-21 11:34 3,063 --sha-w C:\WINDOWS\SYSTEM32\soogr.dat
2004-07-14 09:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\sxblt.dat
2004-08-06 19:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\syxfz.dat
2004-07-17 13:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\tbuvk.dat
2004-07-22 05:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\thbdw.dat
2004-10-27 17:59 11,591 --sha-w C:\WINDOWS\SYSTEM32\thlwb.dat
2004-07-30 05:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\tjeru.dat
2004-08-02 01:03 3,063 --sha-w C:\WINDOWS\SYSTEM32\totuq.dat
2004-07-29 10:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\tvdhe.dat
2004-07-14 22:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\tygej.dat
2004-07-19 21:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\udhls.dat
2004-08-13 15:00 3,063 --sha-w C:\WINDOWS\SYSTEM32\uiulx.dat
2004-07-27 11:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcsbs.dat
2004-07-20 19:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\vdisz.dat
2004-07-17 04:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\veriw.dat
2004-10-28 14:00 11,591 --sha-w C:\WINDOWS\SYSTEM32\vhyao.dat
2004-08-14 16:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\viout.dat
2004-07-30 13:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\vipaa.dat
2004-07-13 18:43 0 -csha-w C:\WINDOWS\SYSTEM32\vkars.dll
2004-07-16 23:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\vkrfz.dat
2004-07-16 06:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\vkspx.dat
2004-08-07 01:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\vnbmi.dat
2004-09-30 17:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\vrlbr.dat
2005-01-16 18:51 0 -csha-w C:\WINDOWS\SYSTEM32\vsnne.dll
2004-08-07 08:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\vytvg.dat
2004-07-21 00:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\wdtwy.dat
2004-09-14 06:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\wfkqw.dat
2004-07-21 16:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wmeiw.dat
2004-07-13 18:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\wplos.dat
2004-07-22 10:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\wpvtn.dat
2004-07-21 01:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\wqgnf.dat
2004-10-16 04:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\wvkme.dat
2004-07-29 15:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\wyluv.dat
2004-08-09 21:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\xaruh.dat
2004-07-23 23:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xswhq.dat
2004-07-26 10:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\xvfdf.dat
2004-08-06 00:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\xwslt.dat
2004-11-16 14:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\xyjrl.dat
2004-07-26 06:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\yfode.dat
2004-08-09 16:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\yhikc.dat
2004-07-26 23:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynhpr.dat
2004-08-11 15:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\yqbmr.dat
2004-10-12 15:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\yrsli.dat
2004-11-04 13:51 0 -csha-w C:\WINDOWS\SYSTEM32\ywfgj.dll
2004-08-13 09:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\yzhky.dat
2004-08-07 21:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhggo.dat
2004-10-31 18:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\zlfvi.dat
2004-08-11 21:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\znrdw.dat
2004-07-24 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\zpbrk.dat
2004-07-27 10:52 11,591 --sha-w C:\WINDOWS\SYSTEM32\zspjc.dat
2004-08-28 08:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyomv.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-29_17.18.05.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 02:22:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-08 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-08 151597]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
S3 PentaxUsb;PENTAX Optio E10 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 PentaxVc;PENTAX Optio E10 Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kristin Faith\Application Data\Mozilla\Firefox\Profiles\v68ettuz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 22:07:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????x??????????????w????????????j??w????x???x??????????????

scanning hidden files ...

C:\WINDOWS\zexiz.dat:spsyt 56832 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-29 22:10:31
ComboFix-quarantined-files.txt 2008-10-30 03:10:19
ComboFix2.txt 2008-10-29 22:18:31

Pre-Run: 32,368,640,000 bytes free
Post-Run: 32,355,045,376 bytes free

542 --- E O F --- 2008-10-29 10:52:50

--------------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.8.4/1754 - Release Date: 10/29/2008 7:45 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:06 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 5575 bytes

ken545 · Oct 30, 2008

Good Morning,

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

Code:

File::
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe
C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C\WINDOWS\afkuk.dat
C:\WINDOWS\atpqn.dat
C:\WINDOWS\axnca.dat
C:\WINDOWS\betdd.dat
C:\WINDOWS\bluhe.dat
C:\WINDOWS\bmusf.dat
C:\WINDOWS\bofpj.dat
C:\WINDOWS\bpjka.dat
C:\WINDOWS\btffy.dat
C:\WINDOWS\bvoqs.dat
C:\WINDOWS\bwivf.dat
C:\WINDOWS\bwrcz.dat
C:\WINDOWS\cbbjj.dat
C:\WINDOWS\cevvj.dat
C:\WINDOWS\cgsbj.dat
C:\WINDOWS\cshqp.dat
C:\WINDOWS\csklt.dat
C:\WINDOWS\cstlr.dat
C:\WINDOWS\dmjbs.dat
C:\WINDOWS\dogsl.dat
C:\WINDOWS\dtipq.dat
C:\WINDOWS\dvuwo.dat
C:\WINDOWS\ebpzk.dat
C:\WINDOWS\ecbro.dat
C:\WINDOWS\edqxj.dat
C:\WINDOWS\eejqq.dat
C:\WINDOWS\efmvf.dat
C:\WINDOWS\ejaoo.dat
C:\WINDOWS\esdlm.dat
C:\WINDOWS\etfvy.dat
C:\WINDOWS\eyjlt.dat
C:\WINDOWS\fgwht.dat
C:\WINDOWS\fhdsq.dat
C:\WINDOWS\fjuhl.dat
C:\WINDOWS\fkdpv.dat
C:\WINDOWS\fqrcj.dat
C:\WINDOWS\gczvs.dll
C:\WINDOWS\gejdf.dat
C:\WINDOWS\ggfba.dat
C:\WINDOWS\ghopi.dat
C:\WINDOWS\gmdxz.dat
C:\WINDOWS\gqeem.dat
C:\WINDOWS\grtwx.dat
C:\WINDOWS\gvkry.dat
C:\WINDOWS\gvvfr.dat
C:\WINDOWS\gwbnr.dat
C:\WINDOWS\gzedw.dat
C:\WINDOWS\heaky.dat
C:\WINDOWS\hutbs.dat
C:\WINDOWS\hutxg.dat
C:\WINDOWS\hvhpb.dat
C:\WINDOWS\isppn.dat
C:\WINDOWS\jaacl.dat
C:\WINDOWS\jaiyq.dat
C:\WINDOWS\jjgbn.dat
C:\WINDOWS\jlgsc.dat
C:\WINDOWS\jmuvj.dat
C:\WINDOWS\jokdo.dat
C:\WINDOWS\jsums.dat
C:\WINDOWS\jwwje.dat
C:\WINDOWS\kdvzk.dat
C:\WINDOWS\kesui.dat
C:\WINDOWS\krwfj.dat
C:\WINDOWS\kveyt.dat
C:\WINDOWS\kvxih.dat
C:\WINDOWS\kvxwm.dat
C:\WINDOWS\kwtgd.dat
C:\WINDOWS\lfeeg.dat
C:\WINDOWS\lpzpb.dat
C:\WINDOWS\lyejt.dat
C:\WINDOWS\lynal.dat
C:\WINDOWS\lynsq.dat
C:\WINDOWS\mazsx.dat
C:\WINDOWS\misie.dat
C:\WINDOWS\mpsgr.dat
C:\WINDOWS\myeuc.dat
C:\WINDOWS\ndbjk.dat
C:\WINDOWS\ndfwo.dat
C:\WINDOWS\ndjpz.dat
C:\WINDOWS\ndlwy.dat
C:\WINDOWS\nfprq.dat
C:\WINDOWS\nfzwj.dat
C:\WINDOWS\nijbw.dat
C:\WINDOWS\njjsq.dat
C:\WINDOWS\njlat.dat
C:\WINDOWS\nprzv.dat
C:\WINDOWS\nqmxq.dat
C:\WINDOWS\nrmuh.dat
C:\WINDOWS\nuedz.dat
C:\WINDOWS\nvwyv.dat
C:\WINDOWS\nwrns.dat
C:\WINDOWS\nzelh.dat
C:\WINDOWS\nzqyq.dat
C:\WINDOWS\n_sdhgps.dat
C:\WINDOWS\n_vrpxfx.dat
C:\WINDOWS\n_xeqiur.dat
C:\WINDOWS\obput.dat
C:\WINDOWS\oezbw.dat
C:\WINDOWS\ogczs.dat 
C:\WINDOWS\ogdyi.dat
C:\WINDOWS\ogxsg.dat
C:\WINDOWS\oindw.dat
C:\WINDOWS\ojabj.dat
C:\WINDOWS\oktfy.dat
C:\WINDOWS\oqsmx.dat
C:\WINDOWS\orolk.dat
C:\WINDOWS\otajm.dat
C:\WINDOWS\ouign.dat
C:\WINDOWS\ovnaz.dat
C:\WINDOWS\owcot.dat
C:\WINDOWS\owdsp.dat
C:\WINDOWS\owkbh.dat
C:\WINDOWS\oxmxe.dat
C:\WINDOWS\oxzql.dat
C:\WINDOWS\oztga.dat
C:\WINDOWS\pbdpr.dat
C:\WINDOWS\piina.dat
C:\WINDOWS\pjdlo.dat
C:\WINDOWS\pmjnv.dat
C:\WINDOWS\pnbgw.dat
C:\WINDOWS\pnnbs.dat
C:\WINDOWS\pydeu.dat
C:\WINDOWS\pzire.dat
C:\WINDOWS\pzuea.dat
C:\WINDOWS\qagxk.dat
C:\WINDOWS\qaypk.dat
C:\WINDOWS\qevbx.dat
C:\WINDOWS\qjyei.dat
C:\WINDOWS\qltcw.dat
C:\WINDOWS\qpywd.dat
C:\WINDOWS\qvxee.dat
C:\WINDOWS\qzqhd.dat
C:\WINDOWS\rftnj.dat
C:\WINDOWS\rhhrr.dat
C:\WINDOWS\rjnbk.dat
C:\WINDOWS\rljfo.dat
C:\WINDOWS\rsisp.dat
C:\WINDOWS\rvrlw.dat
C:\WINDOWS\rwypo.dat
C:\WINDOWS\rzvze.dat
C:\WINDOWS\shqsy.dat
C:\WINDOWS\sjlsz.dat
C:\WINDOWS\slaig.dat
C:\WINDOWS\snjsz.dat
C:\WINDOWS\svcaz.dat
C:\WINDOWS\szfca.dat
C:\WINDOWS\szqvg.dat
C:\WINDOWS\takpi.dat
C:\WINDOWS\tczen.dat
C:\WINDOWS\tonme.dat
C:\WINDOWS\ttezl.dat
C:\WINDOWS\ttkap.dat
C:\WINDOWS\tzffe.dat
C:\WINDOWS\uiibd.dat
C:\WINDOWS\ukbcr.dat
C:\WINDOWS\uohgw.dat
C:\WINDOWS\uqdiw.dat
C:\WINDOWS\uwhnv.dat
C:\WINDOWS\uynzk.dat
C:\WINDOWS\vefou.dat
C:\WINDOWS\vjmwl.dat
C:\WINDOWS\vjnrv.dat
C:\WINDOWS\vjpkn.dat
C:\WINDOWS\vlmbx.dat
C:\WINDOWS\vymlo.dat
C:\WINDOWS\vzctz.dat
C:\WINDOWS\wjpge.dat
C:\WINDOWS\wmyvd.dat
C:\WINDOWS\woggi.dat
C:\WINDOWS\wpwls.dat
C:\WINDOWS\wrsjn.dat
C:\WINDOWS\wtdtx.dat
C:\WINDOWS\xadjo.dat
C:\WINDOWS\xajtt.dat
C:\WINDOWS\xckqh.dat
C:\WINDOWS\xfaga.dat
C:\WINDOWS\xfmpq.dat
C:\WINDOWS\xknkd.dat
C:\WINDOWS\xmjir.dat
C:\WINDOWS\xmzdy.dat
C:\WINDOWS\xqovx.dat
C:\WINDOWS\xuqyo.dat
C:\WINDOWS\xvlfl.dat
C:\WINDOWS\xwdst.dat
C:\WINDOWS\xxgel.dat
C:\WINDOWS\xyzqo.dat
C:\WINDOWS\ytzvb.dat
C:\WINDOWS\yznyh.dat
C:\WINDOWS\yzyhx.dat
C:\WINDOWS\yzzba.dat
C:\WINDOWS\zexiz.dat
C:\WINDOWS\zgtgv.dat
C:\WINDOWS\zhvlq.dat
C:\WINDOWS\zogde.dat
C:\WINDOWS\ztdqe.dat
C:\WINDOWS\zxznu.dat
C:\WINDOWS\SYSTEM32\artoy.dll
C:\WINDOWS\SYSTEM32\aycog.dat
C:\WINDOWS\SYSTEM32\bbrkw.dat 
C:\WINDOWS\SYSTEM32\bcefl.dat
C:\WINDOWS\SYSTEM32\bjdzk.dat
C:\WINDOWS\SYSTEM32\blptf.dat
C:\WINDOWS\SYSTEM32\bodau.dat
C:\WINDOWS\SYSTEM32\bswam.dat
C:\WINDOWS\SYSTEM32\bxyuj.dat
C:\WINDOWS\SYSTEM32\capkn.dat
C:\WINDOWS\SYSTEM32\cbefv.dat
C:\WINDOWS\SYSTEM32\cemrs.dat
C:\WINDOWS\SYSTEM32\cevrv.dat
C:\WINDOWS\SYSTEM32\cnyci.dat
C:\WINDOWS\SYSTEM32\cqklv.dat
C:\WINDOWS\SYSTEM32\czpuf.dat
C:\WINDOWS\SYSTEM32\dbteq.dat
C:\WINDOWS\SYSTEM32\ddeli.dat
C:\WINDOWS\SYSTEM32\dibfo.dat
C:\WINDOWS\SYSTEM32\dklng.dat
C:\WINDOWS\SYSTEM32\dnrul.dat
C:\WINDOWS\SYSTEM32\dnvhr.dat
C:\WINDOWS\SYSTEM32\dtamz.dat
C:\WINDOWS\SYSTEM32\dvsnb.dat
C:\WINDOWS\SYSTEM32\ebied.dat
C:\WINDOWS\SYSTEM32\ebkdr.dat
C:\WINDOWS\SYSTEM32\ecbfh.dat
C:\WINDOWS\SYSTEM32\eczje.dat
C:\WINDOWS\SYSTEM32\edjxl.dat
C:\WINDOWS\SYSTEM32\egbev.dat
C:\WINDOWS\SYSTEM32\enfko.dat
C:\WINDOWS\SYSTEM32\eqwdj.dat
C:\WINDOWS\SYSTEM32\fegzd.dat
C:\WINDOWS\SYSTEM32\ffjcn.dat
C:\WINDOWS\SYSTEM32\ffvtg.dat
C:\WINDOWS\SYSTEM32\fnelk.dat
C:\WINDOWS\SYSTEM32\fueav.dat
C:\WINDOWS\SYSTEM32\fwawd.dat
C:\WINDOWS\SYSTEM32\fyqgn.dat
C:\WINDOWS\SYSTEM32\gbcfr.dat
C:\WINDOWS\SYSTEM32\gkkfb.dat
C:\WINDOWS\SYSTEM32\gmcxg.dat
C:\WINDOWS\SYSTEM32\grtxf.dat
C:\WINDOWS\SYSTEM32\gtnlk.dat
C:\WINDOWS\SYSTEM32\gyrfb.dat
C:\WINDOWS\SYSTEM32\hdsau.dat
C:\WINDOWS\SYSTEM32\hiawa.dat
C:\WINDOWS\SYSTEM32\hjidg.dat
C:\WINDOWS\SYSTEM32\hnbdg.dat
C:\WINDOWS\SYSTEM32\hpljt.dat
C:\WINDOWS\SYSTEM32\hvgbo.dat
C:\WINDOWS\SYSTEM32\ibzlo.dat
C:\WINDOWS\SYSTEM32\ilckq.dat
C:\WINDOWS\SYSTEM32\iyeqi.dat
C:\WINDOWS\SYSTEM32\jceuy.dat
C:\WINDOWS\SYSTEM32\jesmj.dat
C:\WINDOWS\SYSTEM32\jeuue.dat
C:\WINDOWS\SYSTEM32\jfwty.dat
C:\WINDOWS\SYSTEM32\jgpbr.dat
C:\WINDOWS\SYSTEM32\jijsu.dat
C:\WINDOWS\SYSTEM32\jkiwh.dat
C:\WINDOWS\SYSTEM32\jorrt.dat
C:\WINDOWS\SYSTEM32\jsfqh.dat
C:\WINDOWS\SYSTEM32\jvlzm.dat
C:\WINDOWS\SYSTEM32\jxawo.dat
C:\WINDOWS\SYSTEM32\jxbak.dat
C:\WINDOWS\SYSTEM32\kbeon.dat
C:\WINDOWS\SYSTEM32\kbuzm.dat
C:\WINDOWS\SYSTEM32\kdadr.dat
C:\WINDOWS\SYSTEM32\kgxfv.dat
C:\WINDOWS\SYSTEM32\kkibi.dat
C:\WINDOWS\SYSTEM32\kmpuf.dat
C:\WINDOWS\SYSTEM32\knxtq.dat
C:\WINDOWS\SYSTEM32\kxwqq.dat
C:\WINDOWS\SYSTEM32\lcpus.dat
C:\WINDOWS\SYSTEM32\ljjwe.dat
C:\WINDOWS\SYSTEM32\lmlwn.dat
C:\WINDOWS\SYSTEM32\lvwzp.dat
C:\WINDOWS\SYSTEM32\lwsxl.dat
C:\WINDOWS\SYSTEM32\mfcic32.dll
C:\WINDOWS\SYSTEM32\mfekj.dat
C:\WINDOWS\SYSTEM32\mhlaw.dat
C:\WINDOWS\SYSTEM32\mntmc.dat
C:\WINDOWS\SYSTEM32\morbp.dat
C:\WINDOWS\SYSTEM32\mrxnp.dat
C:\WINDOWS\SYSTEM32\mshcw.dat
C:\WINDOWS\SYSTEM32\mxlcb.dat
C:\WINDOWS\SYSTEM32\mxokx.dat
C:\WINDOWS\SYSTEM32\njnmf.dat
C:\WINDOWS\SYSTEM32\nlaxa.dat
C:\WINDOWS\SYSTEM32\nnvvn.dat
C:\WINDOWS\SYSTEM32\nqkcl.dat
C:\WINDOWS\SYSTEM32\nvmoj.dat
C:\WINDOWS\SYSTEM32\nximf.dat
C:\WINDOWS\SYSTEM32\obfsp.dat
C:\WINDOWS\SYSTEM32\obqyc.dat
C:\WINDOWS\SYSTEM32\ocwol.dat
C:\WINDOWS\SYSTEM32\okutl.dat
C:\WINDOWS\SYSTEM32\ojigs.dat
C:\WINDOWS\SYSTEM32\oqdor.dat
C:\WINDOWS\SYSTEM32\payse.dat
C:\WINDOWS\SYSTEM32\petdc.dat
C:\WINDOWS\SYSTEM32\pfvqa.dll
C:\WINDOWS\SYSTEM32\pgdbn.dat
C:\WINDOWS\SYSTEM32\pgziy.dat
C:\WINDOWS\SYSTEM32\phqdl.dat
C:\WINDOWS\SYSTEM32\poixd.dat
C:\WINDOWS\SYSTEM32\pszct.dat
C:\WINDOWS\SYSTEM32\ptpbi.dat
C:\WINDOWS\SYSTEM32\pvrdh.dat
C:\WINDOWS\SYSTEM32\pvuzh.dat
C:\WINDOWS\SYSTEM32\qfvhg.dat
C:\WINDOWS\SYSTEM32\qghsd.dat
C:\WINDOWS\SYSTEM32\qhzhh.dat
C:\WINDOWS\SYSTEM32\qllrv.dat
C:\WINDOWS\SYSTEM32\qmuuh.dat
C:\WINDOWS\SYSTEM32\qsntd.dat
C:\WINDOWS\SYSTEM32\qsovv.dat
C:\WINDOWS\SYSTEM32\qujur.dat
C:\WINDOWS\SYSTEM32\qvaod.dat
C:\WINDOWS\SYSTEM32\qwlas.dat
C:\WINDOWS\SYSTEM32\qxphf.dll
C:\WINDOWS\SYSTEM32\rafbx.dat
C:\WINDOWS\SYSTEM32\rbsiq.dat
C:\WINDOWS\SYSTEM32\rdlxt.dat
C:\WINDOWS\SYSTEM32\rfmtd.dat
C:\WINDOWS\SYSTEM32\rownh.dll
C:\WINDOWS\SYSTEM32\rqinq.dat
C:\WINDOWS\SYSTEM32\rurag.dat
C:\WINDOWS\SYSTEM32\rvgoz.dat
C:\WINDOWS\SYSTEM32\rxjgc.dat
C:\WINDOWS\SYSTEM32\rzeey.dat
C:\WINDOWS\SYSTEM32\scpak.dat
C:\WINDOWS\SYSTEM32\sdbwv.dat
C:\WINDOWS\SYSTEM32\sdcgr.dat
C:\WINDOWS\SYSTEM32\snxef.dat
C:\WINDOWS\SYSTEM32\sobhe.dat
C:\WINDOWS\SYSTEM32\soogr.dat
C:\WINDOWS\SYSTEM32\sxblt.dat
C:\WINDOWS\SYSTEM32\syxfz.dat
C:\WINDOWS\SYSTEM32\tbuvk.dat
C:\WINDOWS\SYSTEM32\thbdw.dat
C:\WINDOWS\SYSTEM32\thlwb.dat
C:\WINDOWS\SYSTEM32\tjeru.dat
C:\WINDOWS\SYSTEM32\totuq.dat
C:\WINDOWS\SYSTEM32\tvdhe.dat
C:\WINDOWS\SYSTEM32\tygej.dat
C:\WINDOWS\SYSTEM32\udhls.dat
C:\WINDOWS\SYSTEM32\uiulx.dat
C:\WINDOWS\SYSTEM32\vcsbs.dat
C:\WINDOWS\SYSTEM32\vdisz.dat
C:\WINDOWS\SYSTEM32\veriw.dat
C:\WINDOWS\SYSTEM32\vhyao.dat
C:\WINDOWS\SYSTEM32\viout.dat
C:\WINDOWS\SYSTEM32\vipaa.dat
C:\WINDOWS\SYSTEM32\vkars.dll
C:\WINDOWS\SYSTEM32\vkrfz.dat
C:\WINDOWS\SYSTEM32\vkspx.dat
C:\WINDOWS\SYSTEM32\vnbmi.dat
C:\WINDOWS\SYSTEM32\vrlbr.dat
C:\WINDOWS\SYSTEM32\vsnne.dll
C:\WINDOWS\SYSTEM32\vytvg.dat
C:\WINDOWS\SYSTEM32\wdtwy.dat
C:\WINDOWS\SYSTEM32\wfkqw.dat
C:\WINDOWS\SYSTEM32\wmeiw.dat
C:\WINDOWS\SYSTEM32\wplos.dat
C:\WINDOWS\SYSTEM32\wpvtn.dat
C:\WINDOWS\SYSTEM32\wqgnf.dat
C:\WINDOWS\SYSTEM32\wvkme.dat
C:\WINDOWS\SYSTEM32\wyluv.dat
C:\WINDOWS\SYSTEM32\xaruh.dat
C:\WINDOWS\SYSTEM32\xswhq.dat
C:\WINDOWS\SYSTEM32\xvfdf.dat
C:\WINDOWS\SYSTEM32\xwslt.dat
C:\WINDOWS\SYSTEM32\xyjrl.dat
C:\WINDOWS\SYSTEM32\yfode.dat
C:\WINDOWS\SYSTEM32\yhikc.dat
C:\WINDOWS\SYSTEM32\ynhpr.dat
C:\WINDOWS\SYSTEM32\yqbmr.dat
C:\WINDOWS\SYSTEM32\yrsli.dat
C:\WINDOWS\SYSTEM32\ywfgj.dll
C:\WINDOWS\SYSTEM32\yzhky.dat
C:\WINDOWS\SYSTEM32\zhggo.dat
C:\WINDOWS\SYSTEM32\zlfvi.dat
C:\WINDOWS\SYSTEM32\znrdw.dat
C:\WINDOWS\SYSTEM32\zpbrk.dat
C:\WINDOWS\SYSTEM32\zspjc.dat
C:\WINDOWS\SYSTEM32\zyomv.dat

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

not2brightblonde · Oct 30, 2008

Good Morning.
Heres the logs-

ComboFix 08-10-30.04 - Kristin Faith 2008-10-30 5:20:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.297 [GMT -5:00]
Running from: C:\Documents and Settings\Kristin Faith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kristin Faith\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-22 16:28 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-29 13:17 . 2008-10-22 16:28 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-29 11:27 . 2008-10-29 11:27 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\AdobeUM
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 10:11 . 2008-10-29 10:11 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\ACD Systems
2008-10-29 10:02 . 2008-10-29 10:54 <DIR> d-------- C:\Program Files\Optio E10 Digital Camera
2008-10-29 10:02 . 2004-07-12 10:48 16,896 --a------ C:\WINDOWS\SYSTEM32\CoachDlg.dll
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-29 10:00 . 2008-10-29 10:00 9,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-29 08:47 . 2008-10-29 09:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-28 23:09 . 2008-10-28 23:15 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-28 23:08 . 2008-10-28 23:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-28 22:57 . 2008-10-28 22:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 22:54 . 2008-08-14 05:00 2,180,352 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-28 22:54 . 2008-08-14 04:58 2,136,064 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,057,728 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,015,744 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-28 22:39 . 2008-09-15 06:57 1,846,016 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-28 22:15 . 2008-08-28 05:04 333,056 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-28 22:09 . 2008-04-11 13:50 683,520 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-28 21:47 . 2008-05-08 07:28 202,752 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-10-28 21:12 . 2008-10-28 21:12 <DIR> d-------- C:\Program Files\CCleaner
2008-10-28 14:40 . 2008-10-28 14:41 432 --a------ C:\WINDOWS\wininit.ini
2008-10-28 13:19 . 2008-10-28 13:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-28 13:19 . 2008-10-28 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 05:29 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-10-27 21:26 . 2008-08-14 04:51 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-10-27 20:51 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-10-27 14:31 . 2008-10-27 14:31 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-10-27 14:31 . 2008-10-27 14:31 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-27 05:59 . 2008-10-15 11:57 332,800 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-27 05:23 . 2008-10-28 10:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-27 05:10 . 2008-10-27 05:10 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-27 05:10 . 2008-10-27 05:10 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-27 05:09 . 2008-10-29 22:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Program Files\AVG
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 05:09 . 2008-10-27 05:09 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-26 22:34 . 2008-10-26 22:35 6 --a------ C:\WINDOWS\msoffice.ini
2008-10-26 20:11 . 2001-08-17 22:36 171,008 --a------ C:\WINDOWS\SYSTEM32\LXADSUI.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 04:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 19:42 --------- d-----w C:\Program Files\eZula
2008-10-27 19:31 --------- d-----w C:\Program Files\Java
2008-10-27 14:30 --------- d-----w C:\Program Files\SBITPlugin
2008-10-27 14:02 --------- d-----w C:\Documents and Settings\Kristin Faith\Application Data\sysjt
2008-10-27 10:44 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-27 10:41 --------- d-----w C:\Program Files\Toolbar
2008-10-27 03:37 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-27 03:35 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-27 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 09:30 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\twain_32.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2004-07-25 19:38 11,591 --sha-w C:\WINDOWS\afkuk.dat
2004-08-08 12:40 3,063 --sha-w C:\WINDOWS\atpqn.dat
2005-01-22 02:19 11,592 --sha-w C:\WINDOWS\axnca.dat
2004-08-03 12:03 3,063 --sha-w C:\WINDOWS\betdd.dat
2004-09-03 12:34 11,591 --sha-w C:\WINDOWS\bluhe.dat
2004-07-19 01:23 3,063 --sha-w C:\WINDOWS\bmusf.dat
2004-08-01 21:43 11,591 --sha-w C:\WINDOWS\bofpj.dat
2004-08-22 01:07 11,591 --sha-w C:\WINDOWS\bpjka.dat
2004-08-06 18:07 3,063 --sha-w C:\WINDOWS\btffy.dat
2004-07-31 23:51 3,063 --sha-w C:\WINDOWS\bvoqs.dat
2004-07-14 12:57 3,063 --sha-w C:\WINDOWS\bwivf.dat
2004-07-23 14:19 3,063 --sha-w C:\WINDOWS\bwrcz.dat
2004-07-15 22:02 11,591 --sha-w C:\WINDOWS\cbbjj.dat
2004-07-30 05:46 3,063 --sha-w C:\WINDOWS\cevvj.dat
2004-07-25 05:11 3,063 --sha-w C:\WINDOWS\cgsbj.dat
2004-12-03 03:28 11,591 --sha-w C:\WINDOWS\cshqp.dat
2004-07-17 06:36 11,591 --sha-w C:\WINDOWS\csklt.dat
2004-07-21 10:34 3,063 --sha-w C:\WINDOWS\cstlr.dat
2004-09-06 20:45 11,591 --sha-w C:\WINDOWS\dmjbs.dat
2004-08-10 21:01 3,063 --sha-w C:\WINDOWS\dogsl.dat
2004-07-28 09:44 11,591 --sha-w C:\WINDOWS\dtipq.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\dvuwo.dat
2004-08-01 22:09 11,591 --sha-w C:\WINDOWS\ebpzk.dat
2004-11-02 19:18 11,591 --sha-w C:\WINDOWS\ecbro.dat
2004-07-28 22:34 3,063 --sha-w C:\WINDOWS\edqxj.dat
2004-07-15 04:39 3,063 --sha-w C:\WINDOWS\eejqq.dat
2004-08-05 05:50 11,591 --sha-w C:\WINDOWS\efmvf.dat
2004-07-27 06:19 11,591 --sha-w C:\WINDOWS\ejaoo.dat
2004-07-19 10:34 3,063 --sha-w C:\WINDOWS\esdlm.dat
2004-07-24 06:32 11,591 --sha-w C:\WINDOWS\etfvy.dat
2004-07-26 20:09 3,063 --sha-w C:\WINDOWS\eyjlt.dat
2004-07-28 21:24 11,591 --sha-w C:\WINDOWS\fgwht.dat
2004-07-29 17:48 11,591 --sha-w C:\WINDOWS\fhdsq.dat
2004-07-27 07:45 3,063 --sha-w C:\WINDOWS\fjuhl.dat
2004-08-07 14:47 11,591 --sha-w C:\WINDOWS\fkdpv.dat
2004-08-11 12:15 11,591 --sha-w C:\WINDOWS\fqrcj.dat
2004-10-25 00:35 0 --sha-w C:\WINDOWS\gczvs.dll
2004-07-28 12:25 3,063 --sha-w C:\WINDOWS\gejdf.dat
2004-08-04 19:41 11,591 --sha-w C:\WINDOWS\ggfba.dat
2004-08-08 15:12 3,063 --sha-w C:\WINDOWS\ghopi.dat
2004-07-28 15:08 11,591 --sha-w C:\WINDOWS\gmdxz.dat
2004-08-01 18:53 3,063 --sha-w C:\WINDOWS\gqeem.dat
2004-08-05 09:50 3,063 --sha-w C:\WINDOWS\grtwx.dat
2004-07-27 21:12 11,591 --sha-w C:\WINDOWS\gvkry.dat
2004-07-23 19:49 11,591 --sha-w C:\WINDOWS\gvvfr.dat
2005-01-12 21:00 3,347 --sha-w C:\WINDOWS\gwbnr.dat
2004-08-11 09:09 3,063 --sha-w C:\WINDOWS\gzedw.dat
2004-09-08 05:42 11,591 --sha-w C:\WINDOWS\heaky.dat
2004-07-30 23:41 11,591 --sha-w C:\WINDOWS\hutbs.dat
2004-11-06 14:46 11,591 --sha-w C:\WINDOWS\hutxg.dat
2004-07-29 02:26 11,591 --sha-w C:\WINDOWS\hvhpb.dat
2004-12-30 16:24 3,063 --sha-w C:\WINDOWS\isppn.dat
2004-09-29 03:16 3,063 --sha-w C:\WINDOWS\jaacl.dat
2004-08-07 04:49 11,591 --sha-w C:\WINDOWS\jaiyq.dat
2004-07-30 16:38 3,063 --sha-w C:\WINDOWS\jjgbn.dat
2004-08-18 12:53 3,063 --sha-w C:\WINDOWS\jlgsc.dat
2004-07-29 22:53 3,063 --sha-w C:\WINDOWS\jmuvj.dat
2004-08-06 00:42 3,063 --sha-w C:\WINDOWS\jokdo.dat
2004-10-04 04:50 3,063 --sha-w C:\WINDOWS\jsums.dat
2004-11-24 19:02 11,591 --sha-w C:\WINDOWS\jwwje.dat
2004-08-05 01:51 11,591 --sha-w C:\WINDOWS\kdvzk.dat
2004-07-20 08:29 11,591 --sha-w C:\WINDOWS\kesui.dat
2004-08-07 02:22 3,063 --sha-w C:\WINDOWS\krwfj.dat
2004-07-31 14:32 3,063 --sha-w C:\WINDOWS\kveyt.dat
2004-08-01 10:52 3,063 --sha-w C:\WINDOWS\kvxih.dat
2004-08-11 21:03 3,063 --sha-w C:\WINDOWS\kvxwm.dat
2004-08-08 18:08 11,591 --sha-w C:\WINDOWS\kwtgd.dat
2004-10-03 21:12 3,063 --sha-w C:\WINDOWS\lfeeg.dat
2004-07-21 09:25 11,591 --sha-w C:\WINDOWS\lpzpb.dat
2004-07-21 17:18 11,591 --sha-w C:\WINDOWS\lyejt.dat
2004-10-24 17:41 11,591 --sha-w C:\WINDOWS\lynal.dat
2004-09-29 07:19 11,591 --sha-w C:\WINDOWS\lynsq.dat
2004-08-09 22:55 11,591 --sha-w C:\WINDOWS\mazsx.dat
2004-08-05 09:43 3,063 --sha-w C:\WINDOWS\misie.dat
2004-09-10 18:58 11,591 --sha-w C:\WINDOWS\mpsgr.dat
2004-08-02 15:40 3,063 --sha-w C:\WINDOWS\myeuc.dat
2004-07-28 05:42 11,591 --sha-w C:\WINDOWS\ndbjk.dat
2004-07-20 05:01 2,569 --sha-w C:\WINDOWS\ndfwo.dat
2004-09-22 10:12 3,063 --sha-w C:\WINDOWS\ndjpz.dat
2004-08-04 00:06 3,063 --sha-w C:\WINDOWS\ndlwy.dat
2004-09-21 09:29 3,063 --sha-w C:\WINDOWS\nfprq.dat
2004-10-25 18:46 11,591 --sha-w C:\WINDOWS\nfzwj.dat
2004-07-31 18:32 3,063 --sha-w C:\WINDOWS\nijbw.dat
2004-08-04 18:10 11,591 --sha-w C:\WINDOWS\njjsq.dat
2004-10-13 14:47 11,591 --sha-w C:\WINDOWS\njlat.dat
2004-08-03 13:28 3,063 --sha-w C:\WINDOWS\nprzv.dat
2004-08-10 20:43 11,591 --sha-w C:\WINDOWS\nqmxq.dat
2004-08-12 02:28 11,591 --sha-w C:\WINDOWS\nrmuh.dat
2004-07-16 07:39 11,591 --sha-w C:\WINDOWS\nuedz.dat
2004-10-02 19:13 3,362 --sha-w C:\WINDOWS\nvwyv.dat
2004-12-29 16:43 3,063 --sha-w C:\WINDOWS\nwrns.dat
2004-07-19 09:37 11,591 --sha-w C:\WINDOWS\nzelh.dat
2004-07-29 00:21 3,063 --sha-w C:\WINDOWS\nzqyq.dat
2004-11-04 13:53 0 -csha-w C:\WINDOWS\n_sdhgps.dat
2004-08-26 05:49 0 --sha-w C:\WINDOWS\n_vrpxfx.dat
2004-11-06 12:19 0 -csha-w C:\WINDOWS\n_xeqiur.dat
2004-08-12 17:05 11,591 --sha-w C:\WINDOWS\obput.dat
2004-08-09 21:27 3,063 --sha-w C:\WINDOWS\oezbw.dat
2005-01-09 09:45 11,591 --sha-w C:\WINDOWS\ogczs.dat
2004-08-08 06:59 11,591 --sha-w C:\WINDOWS\ogdyi.dat
2004-07-20 16:06 3,063 --sha-w C:\WINDOWS\ogxsg.dat
2004-08-05 21:30 11,591 --sha-w C:\WINDOWS\oindw.dat
2004-07-19 20:35 11,591 --sha-w C:\WINDOWS\ojabj.dat
2004-08-05 20:21 11,591 --sha-w C:\WINDOWS\oktfy.dat
2004-08-01 20:34 3,063 --sha-w C:\WINDOWS\oqsmx.dat
2004-08-09 03:50 11,591 --sha-w C:\WINDOWS\orolk.dat
2004-08-02 16:15 11,591 --sha-w C:\WINDOWS\otajm.dat
2005-01-08 12:46 11,591 --sha-w C:\WINDOWS\ouign.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\ovnaz.dat
2004-07-21 03:28 3,063 --sha-w C:\WINDOWS\owcot.dat
2005-01-08 12:46 3,063 --sha-w C:\WINDOWS\owdsp.dat
2004-08-22 01:26 11,591 --sha-w C:\WINDOWS\owkbh.dat
2004-08-09 14:19 11,591 --sha-w C:\WINDOWS\oxmxe.dat
2004-08-08 14:59 11,591 --sha-w C:\WINDOWS\oxzql.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\oztga.dat
2004-08-11 22:46 11,591 --sha-w C:\WINDOWS\pbdpr.dat
2004-09-29 08:35 3,063 --sha-w C:\WINDOWS\piina.dat
2004-10-06 15:51 11,591 --sha-w C:\WINDOWS\pjdlo.dat
2004-08-24 03:09 3,063 --sha-w C:\WINDOWS\pmjnv.dat
2004-08-12 02:00 3,063 --sha-w C:\WINDOWS\pnbgw.dat
2004-08-13 16:54 11,591 --sha-w C:\WINDOWS\pnnbs.dat
2004-12-22 07:04 11,591 --sha-w C:\WINDOWS\pydeu.dat
2004-08-04 15:31 3,063 --sha-w C:\WINDOWS\pzire.dat
2004-08-01 16:34 11,591 --sha-w C:\WINDOWS\pzuea.dat
2004-10-15 14:54 11,591 --sha-w C:\WINDOWS\qagxk.dat
2004-11-05 21:36 3,347 --sha-w C:\WINDOWS\qaypk.dat
2004-08-03 19:11 11,591 --sha-w C:\WINDOWS\qevbx.dat
2004-07-22 18:13 3,063 --sha-w C:\WINDOWS\qjyei.dat
2004-07-30 01:28 11,591 --sha-w C:\WINDOWS\qltcw.dat
2004-10-26 08:37 3,063 --sha-w C:\WINDOWS\qpywd.dat
2004-07-23 12:42 3,063 --sha-w C:\WINDOWS\qvxee.dat
2004-08-30 07:34 11,591 --sha-w C:\WINDOWS\qzqhd.dat
2005-10-21 17:52 11,591 --sha-w C:\WINDOWS\rftnj.dat
2004-09-15 22:43 11,591 --sha-w C:\WINDOWS\rhhrr.dat
2004-08-15 16:52 3,063 --sha-w C:\WINDOWS\rjnbk.dat
2004-08-12 19:58 11,591 --sha-w C:\WINDOWS\rljfo.dat
2004-07-28 16:05 11,591 --sha-w C:\WINDOWS\rsisp.dat
2004-09-08 19:33 3,063 --sha-w C:\WINDOWS\rvrlw.dat
2004-07-20 23:42 3,063 --sha-w C:\WINDOWS\rwypo.dat
2004-09-11 02:50 11,591 --sha-w C:\WINDOWS\rzvze.dat
2004-08-11 21:44 3,063 --sha-w C:\WINDOWS\shqsy.dat
2005-01-16 19:49 3,063 --sha-w C:\WINDOWS\sjlsz.dat
2004-07-23 22:24 11,591 --sha-w C:\WINDOWS\slaig.dat
2004-08-13 05:40 3,063 --sha-w C:\WINDOWS\snjsz.dat
2004-09-05 08:33 11,591 --sha-w C:\WINDOWS\svcaz.dat
2004-08-05 01:58 11,591 --sha-w C:\WINDOWS\szfca.dat
2004-11-24 19:49 3,063 --sha-w C:\WINDOWS\szqvg.dat
2004-07-23 19:28 11,591 --sha-w C:\WINDOWS\takpi.dat
2004-07-24 07:43 3,063 --sha-w C:\WINDOWS\tczen.dat
2004-08-14 17:52 3,063 --sha-w C:\WINDOWS\tonme.dat
2004-10-17 02:45 3,362 --sha-w C:\WINDOWS\ttezl.dat
2004-09-08 23:43 11,591 --sha-w C:\WINDOWS\ttkap.dat
2004-11-16 22:24 11,591 --sha-w C:\WINDOWS\tzffe.dat
2004-07-17 07:37 3,063 --sha-w C:\WINDOWS\uiibd.dat
2004-08-14 23:44 11,591 --sha-w C:\WINDOWS\ukbcr.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\uohgw.dat
2004-11-25 12:19 11,591 --sha-w C:\WINDOWS\uqdiw.dat
2004-10-24 14:54 11,591 --sha-w C:\WINDOWS\uunnf.dat
2004-08-02 07:37 3,063 --sha-w C:\WINDOWS\uwhnv.dat
2004-08-07 23:05 11,591 --sha-w C:\WINDOWS\uynzk.dat
2004-07-13 23:18 3,063 --sha-w C:\WINDOWS\vefou.dat
2004-08-05 07:36 11,591 --sha-w C:\WINDOWS\vjmwl.dat
2004-07-21 02:28 3,063 --sha-w C:\WINDOWS\vjnrv.dat
2004-10-22 10:24 11,591 --sha-w C:\WINDOWS\vjpkn.dat
2004-09-22 13:39 11,591 --sha-w C:\WINDOWS\vlmbx.dat
2004-08-06 00:34 11,591 --sha-w C:\WINDOWS\vymlo.dat
2004-07-22 13:29 3,063 --sha-w C:\WINDOWS\vzctz.dat
2004-07-20 19:35 11,591 --sha-w C:\WINDOWS\wjpge.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\wmyvd.dat
2005-10-15 20:30 3,063 --sha-w C:\WINDOWS\woggi.dat
2004-08-10 10:17 3,063 --sha-w C:\WINDOWS\wpwls.dat
2004-07-18 21:43 11,591 --sha-w C:\WINDOWS\wrsjn.dat
2004-07-14 09:28 11,591 --sha-w C:\WINDOWS\wtdtx.dat
2004-08-05 17:29 11,591 --sha-w C:\WINDOWS\xadjo.dat
2004-07-24 21:21 11,591 --sha-w C:\WINDOWS\xajtt.dat
2004-07-21 20:52 11,591 --sha-w C:\WINDOWS\xckqh.dat
2004-07-27 21:44 3,063 --sha-w C:\WINDOWS\xfaga.dat
2004-08-04 13:49 11,591 --sha-w C:\WINDOWS\xfmpq.dat
2004-11-10 12:16 3,063 --sha-w C:\WINDOWS\xknkd.dat
2004-07-29 14:22 11,591 --sha-w C:\WINDOWS\xmjir.dat
2004-10-13 06:10 3,362 --sha-w C:\WINDOWS\xmzdy.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\xqovx.dat
2004-08-05 01:32 11,591 --sha-w C:\WINDOWS\xuqyo.dat
2004-08-01 19:18 11,591 --sha-w C:\WINDOWS\xvlfl.dat
2004-07-28 21:17 3,063 --sha-w C:\WINDOWS\xwdst.dat
2004-07-18 06:40 11,591 --sha-w C:\WINDOWS\xxgel.dat
2004-08-05 04:33 11,591 --sha-w C:\WINDOWS\xyzqo.dat
2004-07-21 07:53 3,063 --sha-w C:\WINDOWS\ykizd.dat
2004-10-24 04:55 11,591 --sha-w C:\WINDOWS\ytzvb.dat
2004-10-19 10:35 11,591 --sha-w C:\WINDOWS\yznyh.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\yzyhx.dat
2004-10-25 14:06 3,362 --sha-w C:\WINDOWS\yzzba.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\zexiz.dat
2004-07-20 10:13 11,591 --sha-w C:\WINDOWS\zgtgv.dat
2004-07-29 08:29 11,591 --sha-w C:\WINDOWS\zhvlq.dat
2004-08-06 18:41 3,063 --sha-w C:\WINDOWS\zogde.dat
2004-07-20 08:00 3,063 --sha-w C:\WINDOWS\ztdqe.dat
2004-08-04 19:28 3,063 --sha-w C:\WINDOWS\zxznu.dat
2004-09-11 16:35 56,832 --sha-w C:\WINDOWS\SYSTEM32\artoy.dll
2004-08-06 17:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\aycog.dat
2004-08-03 17:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\bbrkw.dat
2004-07-22 07:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\bcefl.dat
2004-08-15 12:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\bjdzk.dat
2004-07-24 20:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\blptf.dat
2004-07-30 08:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\bodau.dat
2004-07-25 10:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\bswam.dat
2004-08-06 16:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\bxyuj.dat
2004-08-02 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\capkn.dat
2004-08-06 16:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\cbefv.dat
2004-08-11 11:22 3,063 --sha-w C:\WINDOWS\SYSTEM32\cemrs.dat
2004-07-29 21:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\cevrv.dat
2004-08-03 05:43 3,063 --sha-w C:\WINDOWS\SYSTEM32\cnyci.dat
2004-07-25 10:44 3,063 --sha-w C:\WINDOWS\SYSTEM32\cqklv.dat
2004-08-06 12:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\czpuf.dat
2004-07-21 03:27 3,063 --sha-w C:\WINDOWS\SYSTEM32\dbteq.dat
2004-10-04 10:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ddeli.dat
2004-07-13 02:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\dibfo.dat
2004-07-22 23:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\dklng.dat
2004-07-30 21:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnrul.dat
2004-07-24 11:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnvhr.dat
2004-07-30 04:29 11,591 --sha-w C:\WINDOWS\SYSTEM32\dtamz.dat
2004-07-28 09:14 11,591 --sha-w C:\WINDOWS\SYSTEM32\dvsnb.dat
2004-08-06 11:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebied.dat
2004-07-18 16:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebkdr.dat
2004-09-13 21:56 3,063 --sha-w C:\WINDOWS\SYSTEM32\ecbfh.dat
2004-07-14 14:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\eczje.dat
2004-07-19 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\edjxl.dat
2004-10-13 20:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\egbev.dat
2004-07-24 16:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\enfko.dat
2004-10-21 04:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\eqwdj.dat
2004-08-06 19:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\fegzd.dat
2004-08-01 02:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ffjcn.dat
2004-08-02 15:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ffvtg.dat
2004-08-10 02:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\fnelk.dat
2004-08-04 05:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\fueav.dat
2004-08-31 20:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\fwawd.dat
2004-08-02 15:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyqgn.dat
2004-08-01 17:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\gbcfr.dat
2004-08-09 17:26 3,063 --sha-w C:\WINDOWS\SYSTEM32\gkkfb.dat
2004-08-10 16:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\gmcxg.dat
2004-08-11 19:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\grtxf.dat
2004-07-15 20:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gtnlk.dat
2004-07-29 14:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gyrfb.dat
2004-07-21 20:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\hdsau.dat
2004-07-30 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\hiawa.dat
2004-07-22 03:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\hjidg.dat
2004-07-19 12:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\hnbdg.dat
2004-08-06 09:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\hpljt.dat
2004-07-30 01:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\hvgbo.dat
2004-07-23 09:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ibzlo.dat
2004-07-15 23:47 11,591 --sha-w C:\WINDOWS\SYSTEM32\ilckq.dat
2004-07-31 13:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\iyeqi.dat
2004-08-04 11:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\jceuy.dat
2004-08-18 18:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\jesmj.dat
2004-07-24 13:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\jeuue.dat
2004-07-25 18:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\jfwty.dat
2004-08-10 19:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\jgpbr.dat
2004-07-25 16:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\jijsu.dat
2004-07-21 10:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\jkiwh.dat
2004-08-02 01:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\jorrt.dat
2004-08-01 23:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\jsfqh.dat
2004-07-23 04:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\jvlzm.dat
2004-07-16 03:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxawo.dat
2004-07-27 07:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxbak.dat
2004-07-13 14:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbeon.dat
2004-07-27 18:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbuzm.dat
2004-07-31 05:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdadr.dat
2004-07-23 03:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\kgxfv.dat
2004-08-09 21:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\kkibi.dat
2004-07-27 23:48 3,063 --sha-w C:\WINDOWS\SYSTEM32\kmpuf.dat
2004-08-13 09:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\knxtq.dat
2004-07-27 14:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\kxwqq.dat
2004-08-02 11:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\lcpus.dat
2004-08-13 17:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\ljjwe.dat
2004-08-03 07:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\lmlwn.dat
2004-08-05 14:37 3,063 --sha-w C:\WINDOWS\SYSTEM32\lvwzp.dat
2004-07-14 02:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\lwsxl.dat
2004-07-30 07:04 430 --sha-w C:\WINDOWS\SYSTEM32\mfcic32.dll
2004-07-27 13:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\mfekj.dat
2004-10-21 18:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\mhlaw.dat
2004-08-01 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\mntmc.dat
2004-07-31 15:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\morbp.dat
2004-08-07 22:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\mrxnp.dat
2004-08-12 16:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\mshcw.dat
2004-07-21 10:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxlcb.dat
2004-08-08 15:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxokx.dat
2004-10-16 12:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\njnmf.dat
2004-10-18 14:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\nlaxa.dat
2004-09-26 01:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\nnvvn.dat
2004-07-19 03:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\nqkcl.dat
2004-07-15 07:58 3,063 --sha-w C:\WINDOWS\SYSTEM32\nvmoj.dat
2004-07-22 15:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\nximf.dat
2004-07-16 08:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\obfsp.dat
2004-07-13 17:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\obqyc.dat
2004-08-03 23:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\ocwol.dat
2004-08-02 00:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\ojigs.dat
2004-08-01 02:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\okutl.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\oqdor.dat
2004-08-11 07:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\payse.dat
2004-07-11 00:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\petdc.dat
2004-07-09 17:13 0 -csha-w C:\WINDOWS\SYSTEM32\pfvqa.dll
2004-07-20 14:20 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgdbn.dat
2004-10-07 05:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgziy.dat
2004-07-25 07:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\phqdl.dat
2004-10-27 07:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\poixd.dat
2004-07-27 20:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\pszct.dat
2004-07-21 05:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\ptpbi.dat
2004-08-09 14:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvrdh.dat
2004-10-12 04:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvuzh.dat
2004-08-20 11:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\qfvhg.dat
2004-07-17 01:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qghsd.dat
2004-08-05 11:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\qhzhh.dat
2004-07-19 15:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\qllrv.dat
2004-07-22 19:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\qmuuh.dat
2004-08-07 03:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\qsntd.dat
2004-09-30 06:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\qsovv.dat
2004-09-23 19:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qujur.dat
2004-07-15 13:18 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvaod.dat
2004-08-05 14:29 3,063 --sha-w C:\WINDOWS\SYSTEM32\qwlas.dat
2004-09-22 02:56 0 -csha-w C:\WINDOWS\SYSTEM32\qxphf.dll
2004-08-09 07:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\rafbx.dat
2004-10-07 05:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\rbsiq.dat
2004-08-23 19:04 11,591 --sha-w C:\WINDOWS\SYSTEM32\rdlxt.dat
2004-09-08 15:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\rfmtd.dat
2004-09-30 13:52 0 -csha-w C:\WINDOWS\SYSTEM32\rownh.dll
2004-07-22 04:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\rqinq.dat
2004-07-18 16:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\rurag.dat
2004-08-07 07:10 0 -csha-w C:\WINDOWS\SYSTEM32\rvgoz.dat
2004-08-04 13:07 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxjgc.dat
2004-07-29 02:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\rzeey.dat
2004-07-13 13:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\scpak.dat
2004-07-25 17:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdbwv.dat
2004-07-29 07:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdcgr.dat
2004-08-05 15:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\snxef.dat
2004-07-30 12:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\sobhe.dat
2004-07-21 11:34 3,063 --sha-w C:\WINDOWS\SYSTEM32\soogr.dat
2004-07-14 09:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\sxblt.dat
2004-08-06 19:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\syxfz.dat
2004-07-17 13:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\tbuvk.dat
2004-07-22 05:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\thbdw.dat
2004-10-27 17:59 11,591 --sha-w C:\WINDOWS\SYSTEM32\thlwb.dat
2004-07-30 05:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\tjeru.dat
2004-08-02 01:03 3,063 --sha-w C:\WINDOWS\SYSTEM32\totuq.dat
2004-07-29 10:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\tvdhe.dat
2004-07-14 22:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\tygej.dat
2004-07-19 21:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\udhls.dat
2004-08-13 15:00 3,063 --sha-w C:\WINDOWS\SYSTEM32\uiulx.dat
2004-07-27 11:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcsbs.dat
2004-07-20 19:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\vdisz.dat
2004-07-17 04:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\veriw.dat
2004-10-28 14:00 11,591 --sha-w C:\WINDOWS\SYSTEM32\vhyao.dat
2004-08-14 16:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\viout.dat
2004-07-30 13:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\vipaa.dat
2004-07-13 18:43 0 -csha-w C:\WINDOWS\SYSTEM32\vkars.dll
2004-07-16 23:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\vkrfz.dat
2004-07-16 06:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\vkspx.dat
2004-08-07 01:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\vnbmi.dat
2004-09-30 17:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\vrlbr.dat
2005-01-16 18:51 0 -csha-w C:\WINDOWS\SYSTEM32\vsnne.dll
2004-08-07 08:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\vytvg.dat
2004-07-21 00:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\wdtwy.dat
2004-09-14 06:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\wfkqw.dat
2004-07-21 16:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wmeiw.dat
2004-07-13 18:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\wplos.dat
2004-07-22 10:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\wpvtn.dat
2004-07-21 01:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\wqgnf.dat
2004-10-16 04:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\wvkme.dat
2004-07-29 15:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\wyluv.dat
2004-08-09 21:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\xaruh.dat
2004-07-23 23:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xswhq.dat
2004-07-26 10:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\xvfdf.dat
2004-08-06 00:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\xwslt.dat
2004-11-16 14:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\xyjrl.dat
2004-07-26 06:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\yfode.dat
2004-08-09 16:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\yhikc.dat
2004-07-26 23:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynhpr.dat
2004-08-11 15:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\yqbmr.dat
2004-10-12 15:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\yrsli.dat
2004-11-04 13:51 0 -csha-w C:\WINDOWS\SYSTEM32\ywfgj.dll
2004-08-13 09:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\yzhky.dat
2004-08-07 21:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhggo.dat
2004-10-31 18:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\zlfvi.dat
2004-08-11 21:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\znrdw.dat
2004-07-24 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\zpbrk.dat
2004-07-27 10:52 11,591 --sha-w C:\WINDOWS\SYSTEM32\zspjc.dat
2004-08-28 08:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyomv.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-29_17.18.05.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 10:05:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-08 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-08 151597]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
S3 PentaxUsb;PENTAX Optio E10 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 PentaxVc;PENTAX Optio E10 Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 05:24:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????x??????????????w????????????j??w????x???x??????????????

scanning hidden files ...

C:\WINDOWS\zexiz.dat:spsyt 56832 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-30 5:27:16
ComboFix-quarantined-files.txt 2008-10-30 10:26:59
ComboFix2.txt 2008-10-30 03:10:33
ComboFix3.txt 2008-10-29 22:18:31

Pre-Run: 32,285,020,160 bytes free
Post-Run: 32,271,134,720 bytes free

543 --- E O F --- 2008-10-30 04:33:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:58 AM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 5796 bytes

ken545 · Oct 30, 2008

Hi,

You did not input all the files that I put in the code box, these all need to go into the script, lets do it again

File::
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe
C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C\WINDOWS\afkuk.dat
C:\WINDOWS\atpqn.dat
C:\WINDOWS\axnca.dat
C:\WINDOWS\betdd.dat
C:\WINDOWS\bluhe.dat
C:\WINDOWS\bmusf.dat
C:\WINDOWS\bofpj.dat
C:\WINDOWS\bpjka.dat
C:\WINDOWS\btffy.dat
C:\WINDOWS\bvoqs.dat
C:\WINDOWS\bwivf.dat
C:\WINDOWS\bwrcz.dat
C:\WINDOWS\cbbjj.dat
C:\WINDOWS\cevvj.dat
C:\WINDOWS\cgsbj.dat
C:\WINDOWS\cshqp.dat
C:\WINDOWS\csklt.dat
C:\WINDOWS\cstlr.dat
C:\WINDOWS\dmjbs.dat
C:\WINDOWS\dogsl.dat
C:\WINDOWS\dtipq.dat
C:\WINDOWS\dvuwo.dat
C:\WINDOWS\ebpzk.dat
C:\WINDOWS\ecbro.dat
C:\WINDOWS\edqxj.dat
C:\WINDOWS\eejqq.dat
C:\WINDOWS\efmvf.dat
C:\WINDOWS\ejaoo.dat
C:\WINDOWS\esdlm.dat
C:\WINDOWS\etfvy.dat
C:\WINDOWS\eyjlt.dat
C:\WINDOWS\fgwht.dat
C:\WINDOWS\fhdsq.dat
C:\WINDOWS\fjuhl.dat
C:\WINDOWS\fkdpv.dat
C:\WINDOWS\fqrcj.dat
C:\WINDOWS\gczvs.dll
C:\WINDOWS\gejdf.dat
C:\WINDOWS\ggfba.dat
C:\WINDOWS\ghopi.dat
C:\WINDOWS\gmdxz.dat
C:\WINDOWS\gqeem.dat
C:\WINDOWS\grtwx.dat
C:\WINDOWS\gvkry.dat
C:\WINDOWS\gvvfr.dat
C:\WINDOWS\gwbnr.dat
C:\WINDOWS\gzedw.dat
C:\WINDOWS\heaky.dat
C:\WINDOWS\hutbs.dat
C:\WINDOWS\hutxg.dat
C:\WINDOWS\hvhpb.dat
C:\WINDOWS\isppn.dat
C:\WINDOWS\jaacl.dat
C:\WINDOWS\jaiyq.dat
C:\WINDOWS\jjgbn.dat
C:\WINDOWS\jlgsc.dat
C:\WINDOWS\jmuvj.dat
C:\WINDOWS\jokdo.dat
C:\WINDOWS\jsums.dat
C:\WINDOWS\jwwje.dat
C:\WINDOWS\kdvzk.dat
C:\WINDOWS\kesui.dat
C:\WINDOWS\krwfj.dat
C:\WINDOWS\kveyt.dat
C:\WINDOWS\kvxih.dat
C:\WINDOWS\kvxwm.dat
C:\WINDOWS\kwtgd.dat
C:\WINDOWS\lfeeg.dat
C:\WINDOWS\lpzpb.dat
C:\WINDOWS\lyejt.dat
C:\WINDOWS\lynal.dat
C:\WINDOWS\lynsq.dat
C:\WINDOWS\mazsx.dat
C:\WINDOWS\misie.dat
C:\WINDOWS\mpsgr.dat
C:\WINDOWS\myeuc.dat
C:\WINDOWS\ndbjk.dat
C:\WINDOWS\ndfwo.dat
C:\WINDOWS\ndjpz.dat
C:\WINDOWS\ndlwy.dat
C:\WINDOWS\nfprq.dat
C:\WINDOWS\nfzwj.dat
C:\WINDOWS\nijbw.dat
C:\WINDOWS\njjsq.dat
C:\WINDOWS\njlat.dat
C:\WINDOWS\nprzv.dat
C:\WINDOWS\nqmxq.dat
C:\WINDOWS\nrmuh.dat
C:\WINDOWS\nuedz.dat
C:\WINDOWS\nvwyv.dat
C:\WINDOWS\nwrns.dat
C:\WINDOWS\nzelh.dat
C:\WINDOWS\nzqyq.dat
C:\WINDOWS\n_sdhgps.dat
C:\WINDOWS\n_vrpxfx.dat
C:\WINDOWS\n_xeqiur.dat
C:\WINDOWS\obput.dat
C:\WINDOWS\oezbw.dat
C:\WINDOWS\ogczs.dat
C:\WINDOWS\ogdyi.dat
C:\WINDOWS\ogxsg.dat
C:\WINDOWS\oindw.dat
C:\WINDOWS\ojabj.dat
C:\WINDOWS\oktfy.dat
C:\WINDOWS\oqsmx.dat
C:\WINDOWS\orolk.dat
C:\WINDOWS\otajm.dat
C:\WINDOWS\ouign.dat
C:\WINDOWS\ovnaz.dat
C:\WINDOWS\owcot.dat
C:\WINDOWS\owdsp.dat
C:\WINDOWS\owkbh.dat
C:\WINDOWS\oxmxe.dat
C:\WINDOWS\oxzql.dat
C:\WINDOWS\oztga.dat
C:\WINDOWS\pbdpr.dat
C:\WINDOWS\piina.dat
C:\WINDOWS\pjdlo.dat
C:\WINDOWS\pmjnv.dat
C:\WINDOWS\pnbgw.dat
C:\WINDOWS\pnnbs.dat
C:\WINDOWS\pydeu.dat
C:\WINDOWS\pzire.dat
C:\WINDOWS\pzuea.dat
C:\WINDOWS\qagxk.dat
C:\WINDOWS\qaypk.dat
C:\WINDOWS\qevbx.dat
C:\WINDOWS\qjyei.dat
C:\WINDOWS\qltcw.dat
C:\WINDOWS\qpywd.dat
C:\WINDOWS\qvxee.dat
C:\WINDOWS\qzqhd.dat
C:\WINDOWS\rftnj.dat
C:\WINDOWS\rhhrr.dat
C:\WINDOWS\rjnbk.dat
C:\WINDOWS\rljfo.dat
C:\WINDOWS\rsisp.dat
C:\WINDOWS\rvrlw.dat
C:\WINDOWS\rwypo.dat
C:\WINDOWS\rzvze.dat
C:\WINDOWS\shqsy.dat
C:\WINDOWS\sjlsz.dat
C:\WINDOWS\slaig.dat
C:\WINDOWS\snjsz.dat
C:\WINDOWS\svcaz.dat
C:\WINDOWS\szfca.dat
C:\WINDOWS\szqvg.dat
C:\WINDOWS\takpi.dat
C:\WINDOWS\tczen.dat
C:\WINDOWS\tonme.dat
C:\WINDOWS\ttezl.dat
C:\WINDOWS\ttkap.dat
C:\WINDOWS\tzffe.dat
C:\WINDOWS\uiibd.dat
C:\WINDOWS\ukbcr.dat
C:\WINDOWS\uohgw.dat
C:\WINDOWS\uqdiw.dat
C:\WINDOWS\uwhnv.dat
C:\WINDOWS\uynzk.dat
C:\WINDOWS\vefou.dat
C:\WINDOWS\vjmwl.dat
C:\WINDOWS\vjnrv.dat
C:\WINDOWS\vjpkn.dat
C:\WINDOWS\vlmbx.dat
C:\WINDOWS\vymlo.dat
C:\WINDOWS\vzctz.dat
C:\WINDOWS\wjpge.dat
C:\WINDOWS\wmyvd.dat
C:\WINDOWS\woggi.dat
C:\WINDOWS\wpwls.dat
C:\WINDOWS\wrsjn.dat
C:\WINDOWS\wtdtx.dat
C:\WINDOWS\xadjo.dat
C:\WINDOWS\xajtt.dat
C:\WINDOWS\xckqh.dat
C:\WINDOWS\xfaga.dat
C:\WINDOWS\xfmpq.dat
C:\WINDOWS\xknkd.dat
C:\WINDOWS\xmjir.dat
C:\WINDOWS\xmzdy.dat
C:\WINDOWS\xqovx.dat
C:\WINDOWS\xuqyo.dat
C:\WINDOWS\xvlfl.dat
C:\WINDOWS\xwdst.dat
C:\WINDOWS\xxgel.dat
C:\WINDOWS\xyzqo.dat
C:\WINDOWS\ytzvb.dat
C:\WINDOWS\yznyh.dat
C:\WINDOWS\yzyhx.dat
C:\WINDOWS\yzzba.dat
C:\WINDOWS\zexiz.dat
C:\WINDOWS\zgtgv.dat
C:\WINDOWS\zhvlq.dat
C:\WINDOWS\zogde.dat
C:\WINDOWS\ztdqe.dat
C:\WINDOWS\zxznu.dat
C:\WINDOWS\SYSTEM32\artoy.dll
C:\WINDOWS\SYSTEM32\aycog.dat
C:\WINDOWS\SYSTEM32\bbrkw.dat
C:\WINDOWS\SYSTEM32\bcefl.dat
C:\WINDOWS\SYSTEM32\bjdzk.dat
C:\WINDOWS\SYSTEM32\blptf.dat
C:\WINDOWS\SYSTEM32\bodau.dat
C:\WINDOWS\SYSTEM32\bswam.dat
C:\WINDOWS\SYSTEM32\bxyuj.dat
C:\WINDOWS\SYSTEM32\capkn.dat
C:\WINDOWS\SYSTEM32\cbefv.dat
C:\WINDOWS\SYSTEM32\cemrs.dat
C:\WINDOWS\SYSTEM32\cevrv.dat
C:\WINDOWS\SYSTEM32\cnyci.dat
C:\WINDOWS\SYSTEM32\cqklv.dat
C:\WINDOWS\SYSTEM32\czpuf.dat
C:\WINDOWS\SYSTEM32\dbteq.dat
C:\WINDOWS\SYSTEM32\ddeli.dat
C:\WINDOWS\SYSTEM32\dibfo.dat
C:\WINDOWS\SYSTEM32\dklng.dat
C:\WINDOWS\SYSTEM32\dnrul.dat
C:\WINDOWS\SYSTEM32\dnvhr.dat
C:\WINDOWS\SYSTEM32\dtamz.dat
C:\WINDOWS\SYSTEM32\dvsnb.dat
C:\WINDOWS\SYSTEM32\ebied.dat
C:\WINDOWS\SYSTEM32\ebkdr.dat
C:\WINDOWS\SYSTEM32\ecbfh.dat
C:\WINDOWS\SYSTEM32\eczje.dat
C:\WINDOWS\SYSTEM32\edjxl.dat
C:\WINDOWS\SYSTEM32\egbev.dat
C:\WINDOWS\SYSTEM32\enfko.dat
C:\WINDOWS\SYSTEM32\eqwdj.dat
C:\WINDOWS\SYSTEM32\fegzd.dat
C:\WINDOWS\SYSTEM32\ffjcn.dat
C:\WINDOWS\SYSTEM32\ffvtg.dat
C:\WINDOWS\SYSTEM32\fnelk.dat
C:\WINDOWS\SYSTEM32\fueav.dat
C:\WINDOWS\SYSTEM32\fwawd.dat
C:\WINDOWS\SYSTEM32\fyqgn.dat
C:\WINDOWS\SYSTEM32\gbcfr.dat
C:\WINDOWS\SYSTEM32\gkkfb.dat
C:\WINDOWS\SYSTEM32\gmcxg.dat
C:\WINDOWS\SYSTEM32\grtxf.dat
C:\WINDOWS\SYSTEM32\gtnlk.dat
C:\WINDOWS\SYSTEM32\gyrfb.dat
C:\WINDOWS\SYSTEM32\hdsau.dat
C:\WINDOWS\SYSTEM32\hiawa.dat
C:\WINDOWS\SYSTEM32\hjidg.dat
C:\WINDOWS\SYSTEM32\hnbdg.dat
C:\WINDOWS\SYSTEM32\hpljt.dat
C:\WINDOWS\SYSTEM32\hvgbo.dat
C:\WINDOWS\SYSTEM32\ibzlo.dat
C:\WINDOWS\SYSTEM32\ilckq.dat
C:\WINDOWS\SYSTEM32\iyeqi.dat
C:\WINDOWS\SYSTEM32\jceuy.dat
C:\WINDOWS\SYSTEM32\jesmj.dat
C:\WINDOWS\SYSTEM32\jeuue.dat
C:\WINDOWS\SYSTEM32\jfwty.dat
C:\WINDOWS\SYSTEM32\jgpbr.dat
C:\WINDOWS\SYSTEM32\jijsu.dat
C:\WINDOWS\SYSTEM32\jkiwh.dat
C:\WINDOWS\SYSTEM32\jorrt.dat
C:\WINDOWS\SYSTEM32\jsfqh.dat
C:\WINDOWS\SYSTEM32\jvlzm.dat
C:\WINDOWS\SYSTEM32\jxawo.dat
C:\WINDOWS\SYSTEM32\jxbak.dat
C:\WINDOWS\SYSTEM32\kbeon.dat
C:\WINDOWS\SYSTEM32\kbuzm.dat
C:\WINDOWS\SYSTEM32\kdadr.dat
C:\WINDOWS\SYSTEM32\kgxfv.dat
C:\WINDOWS\SYSTEM32\kkibi.dat
C:\WINDOWS\SYSTEM32\kmpuf.dat
C:\WINDOWS\SYSTEM32\knxtq.dat
C:\WINDOWS\SYSTEM32\kxwqq.dat
C:\WINDOWS\SYSTEM32\lcpus.dat
C:\WINDOWS\SYSTEM32\ljjwe.dat
C:\WINDOWS\SYSTEM32\lmlwn.dat
C:\WINDOWS\SYSTEM32\lvwzp.dat
C:\WINDOWS\SYSTEM32\lwsxl.dat
C:\WINDOWS\SYSTEM32\mfcic32.dll
C:\WINDOWS\SYSTEM32\mfekj.dat
C:\WINDOWS\SYSTEM32\mhlaw.dat
C:\WINDOWS\SYSTEM32\mntmc.dat
C:\WINDOWS\SYSTEM32\morbp.dat
C:\WINDOWS\SYSTEM32\mrxnp.dat
C:\WINDOWS\SYSTEM32\mshcw.dat
C:\WINDOWS\SYSTEM32\mxlcb.dat
C:\WINDOWS\SYSTEM32\mxokx.dat
C:\WINDOWS\SYSTEM32\njnmf.dat
C:\WINDOWS\SYSTEM32\nlaxa.dat
C:\WINDOWS\SYSTEM32\nnvvn.dat
C:\WINDOWS\SYSTEM32\nqkcl.dat
C:\WINDOWS\SYSTEM32\nvmoj.dat
C:\WINDOWS\SYSTEM32\nximf.dat
C:\WINDOWS\SYSTEM32\obfsp.dat
C:\WINDOWS\SYSTEM32\obqyc.dat
C:\WINDOWS\SYSTEM32\ocwol.dat
C:\WINDOWS\SYSTEM32\okutl.dat
C:\WINDOWS\SYSTEM32\ojigs.dat
C:\WINDOWS\SYSTEM32\oqdor.dat
C:\WINDOWS\SYSTEM32\payse.dat
C:\WINDOWS\SYSTEM32\petdc.dat
C:\WINDOWS\SYSTEM32\pfvqa.dll
C:\WINDOWS\SYSTEM32\pgdbn.dat
C:\WINDOWS\SYSTEM32\pgziy.dat
C:\WINDOWS\SYSTEM32\phqdl.dat
C:\WINDOWS\SYSTEM32\poixd.dat
C:\WINDOWS\SYSTEM32\pszct.dat
C:\WINDOWS\SYSTEM32\ptpbi.dat
C:\WINDOWS\SYSTEM32\pvrdh.dat
C:\WINDOWS\SYSTEM32\pvuzh.dat
C:\WINDOWS\SYSTEM32\qfvhg.dat
C:\WINDOWS\SYSTEM32\qghsd.dat
C:\WINDOWS\SYSTEM32\qhzhh.dat
C:\WINDOWS\SYSTEM32\qllrv.dat
C:\WINDOWS\SYSTEM32\qmuuh.dat
C:\WINDOWS\SYSTEM32\qsntd.dat
C:\WINDOWS\SYSTEM32\qsovv.dat
C:\WINDOWS\SYSTEM32\qujur.dat
C:\WINDOWS\SYSTEM32\qvaod.dat
C:\WINDOWS\SYSTEM32\qwlas.dat
C:\WINDOWS\SYSTEM32\qxphf.dll
C:\WINDOWS\SYSTEM32\rafbx.dat
C:\WINDOWS\SYSTEM32\rbsiq.dat
C:\WINDOWS\SYSTEM32\rdlxt.dat
C:\WINDOWS\SYSTEM32\rfmtd.dat
C:\WINDOWS\SYSTEM32\rownh.dll
C:\WINDOWS\SYSTEM32\rqinq.dat
C:\WINDOWS\SYSTEM32\rurag.dat
C:\WINDOWS\SYSTEM32\rvgoz.dat
C:\WINDOWS\SYSTEM32\rxjgc.dat
C:\WINDOWS\SYSTEM32\rzeey.dat
C:\WINDOWS\SYSTEM32\scpak.dat
C:\WINDOWS\SYSTEM32\sdbwv.dat
C:\WINDOWS\SYSTEM32\sdcgr.dat
C:\WINDOWS\SYSTEM32\snxef.dat
C:\WINDOWS\SYSTEM32\sobhe.dat
C:\WINDOWS\SYSTEM32\soogr.dat
C:\WINDOWS\SYSTEM32\sxblt.dat
C:\WINDOWS\SYSTEM32\syxfz.dat
C:\WINDOWS\SYSTEM32\tbuvk.dat
C:\WINDOWS\SYSTEM32\thbdw.dat
C:\WINDOWS\SYSTEM32\thlwb.dat
C:\WINDOWS\SYSTEM32\tjeru.dat
C:\WINDOWS\SYSTEM32\totuq.dat
C:\WINDOWS\SYSTEM32\tvdhe.dat
C:\WINDOWS\SYSTEM32\tygej.dat
C:\WINDOWS\SYSTEM32\udhls.dat
C:\WINDOWS\SYSTEM32\uiulx.dat
C:\WINDOWS\SYSTEM32\vcsbs.dat
C:\WINDOWS\SYSTEM32\vdisz.dat
C:\WINDOWS\SYSTEM32\veriw.dat
C:\WINDOWS\SYSTEM32\vhyao.dat
C:\WINDOWS\SYSTEM32\viout.dat
C:\WINDOWS\SYSTEM32\vipaa.dat
C:\WINDOWS\SYSTEM32\vkars.dll
C:\WINDOWS\SYSTEM32\vkrfz.dat
C:\WINDOWS\SYSTEM32\vkspx.dat
C:\WINDOWS\SYSTEM32\vnbmi.dat
C:\WINDOWS\SYSTEM32\vrlbr.dat
C:\WINDOWS\SYSTEM32\vsnne.dll
C:\WINDOWS\SYSTEM32\vytvg.dat
C:\WINDOWS\SYSTEM32\wdtwy.dat
C:\WINDOWS\SYSTEM32\wfkqw.dat
C:\WINDOWS\SYSTEM32\wmeiw.dat
C:\WINDOWS\SYSTEM32\wplos.dat
C:\WINDOWS\SYSTEM32\wpvtn.dat
C:\WINDOWS\SYSTEM32\wqgnf.dat
C:\WINDOWS\SYSTEM32\wvkme.dat
C:\WINDOWS\SYSTEM32\wyluv.dat
C:\WINDOWS\SYSTEM32\xaruh.dat
C:\WINDOWS\SYSTEM32\xswhq.dat
C:\WINDOWS\SYSTEM32\xvfdf.dat
C:\WINDOWS\SYSTEM32\xwslt.dat
C:\WINDOWS\SYSTEM32\xyjrl.dat
C:\WINDOWS\SYSTEM32\yfode.dat
C:\WINDOWS\SYSTEM32\yhikc.dat
C:\WINDOWS\SYSTEM32\ynhpr.dat
C:\WINDOWS\SYSTEM32\yqbmr.dat
C:\WINDOWS\SYSTEM32\yrsli.dat
C:\WINDOWS\SYSTEM32\ywfgj.dll
C:\WINDOWS\SYSTEM32\yzhky.dat
C:\WINDOWS\SYSTEM32\zhggo.dat
C:\WINDOWS\SYSTEM32\zlfvi.dat
C:\WINDOWS\SYSTEM32\znrdw.dat
C:\WINDOWS\SYSTEM32\zpbrk.dat
C:\WINDOWS\SYSTEM32\zspjc.dat
C:\WINDOWS\SYSTEM32\zyomv.dat

not2brightblonde · Oct 30, 2008

It seems like even tho I copy all of that list , it still is only doing those few files. I have tried this a few times now and it keeps coming out the same. Even when I open the cfscript to check if I copied them all it shows I did but when I run the combofix they all dont show up???

ComboFix 08-10-30.04 - Kristin Faith 2008-10-30 9:08:12.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.263 [GMT -5:00]
Running from: C:\Documents and Settings\Kristin Faith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kristin Faith\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 13:17 . 2008-10-22 16:28 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-29 13:17 . 2008-10-22 16:28 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-29 11:27 . 2008-10-29 11:27 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\AdobeUM
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 10:11 . 2008-10-29 10:11 <DIR> d-------- C:\Documents and Settings\Kristin Faith\Application Data\ACD Systems
2008-10-29 10:02 . 2008-10-29 10:54 <DIR> d-------- C:\Program Files\Optio E10 Digital Camera
2008-10-29 10:02 . 2004-07-12 10:48 16,896 --a------ C:\WINDOWS\SYSTEM32\CoachDlg.dll
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Program Files\ACD Systems
2008-10-29 10:01 . 2008-10-29 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-29 10:00 . 2008-10-29 10:00 9,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-29 08:47 . 2008-10-29 09:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-10-28 23:09 . 2008-10-28 23:15 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-28 23:08 . 2008-10-28 23:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-28 22:57 . 2008-10-28 22:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 22:54 . 2008-08-14 05:00 2,180,352 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-28 22:54 . 2008-08-14 04:58 2,136,064 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,057,728 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-28 22:54 . 2008-08-14 04:22 2,015,744 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-28 22:39 . 2008-09-15 06:57 1,846,016 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-28 22:15 . 2008-08-28 05:04 333,056 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-28 22:09 . 2008-04-11 13:50 683,520 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-28 21:47 . 2008-05-08 07:28 202,752 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-10-28 21:12 . 2008-10-28 21:12 <DIR> d-------- C:\Program Files\CCleaner
2008-10-28 14:40 . 2008-10-28 14:41 432 --a------ C:\WINDOWS\wininit.ini
2008-10-28 13:19 . 2008-10-28 13:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-28 13:19 . 2008-10-28 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 05:29 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-10-27 21:26 . 2008-08-14 04:51 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-10-27 20:51 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-10-27 14:31 . 2008-10-27 14:31 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-10-27 14:31 . 2008-10-27 14:31 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-27 05:59 . 2008-10-15 11:57 332,800 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-27 05:23 . 2008-10-28 10:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-27 05:10 . 2008-10-27 05:10 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-27 05:10 . 2008-10-27 05:10 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-27 05:09 . 2008-10-29 22:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Program Files\AVG
2008-10-27 05:09 . 2008-10-27 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-27 05:09 . 2008-10-27 05:09 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-26 22:34 . 2008-10-26 22:35 6 --a------ C:\WINDOWS\msoffice.ini
2008-10-26 20:11 . 2001-08-17 22:36 171,008 --a------ C:\WINDOWS\SYSTEM32\LXADSUI.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 04:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 19:42 --------- d-----w C:\Program Files\eZula
2008-10-27 19:31 --------- d-----w C:\Program Files\Java
2008-10-27 14:30 --------- d-----w C:\Program Files\SBITPlugin
2008-10-27 14:02 --------- d-----w C:\Documents and Settings\Kristin Faith\Application Data\sysjt
2008-10-27 10:44 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-27 10:41 --------- d-----w C:\Program Files\Toolbar
2008-10-27 03:37 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-27 03:35 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-27 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 09:30 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-07-18 16:01 50,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\twain_32.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2004-07-25 19:38 11,591 --sha-w C:\WINDOWS\afkuk.dat
2004-08-08 12:40 3,063 --sha-w C:\WINDOWS\atpqn.dat
2005-01-22 02:19 11,592 --sha-w C:\WINDOWS\axnca.dat
2004-08-03 12:03 3,063 --sha-w C:\WINDOWS\betdd.dat
2004-09-03 12:34 11,591 --sha-w C:\WINDOWS\bluhe.dat
2004-07-19 01:23 3,063 --sha-w C:\WINDOWS\bmusf.dat
2004-08-01 21:43 11,591 --sha-w C:\WINDOWS\bofpj.dat
2004-08-22 01:07 11,591 --sha-w C:\WINDOWS\bpjka.dat
2004-08-06 18:07 3,063 --sha-w C:\WINDOWS\btffy.dat
2004-07-31 23:51 3,063 --sha-w C:\WINDOWS\bvoqs.dat
2004-07-14 12:57 3,063 --sha-w C:\WINDOWS\bwivf.dat
2004-07-23 14:19 3,063 --sha-w C:\WINDOWS\bwrcz.dat
2004-07-15 22:02 11,591 --sha-w C:\WINDOWS\cbbjj.dat
2004-07-30 05:46 3,063 --sha-w C:\WINDOWS\cevvj.dat
2004-07-25 05:11 3,063 --sha-w C:\WINDOWS\cgsbj.dat
2004-12-03 03:28 11,591 --sha-w C:\WINDOWS\cshqp.dat
2004-07-17 06:36 11,591 --sha-w C:\WINDOWS\csklt.dat
2004-07-21 10:34 3,063 --sha-w C:\WINDOWS\cstlr.dat
2004-09-06 20:45 11,591 --sha-w C:\WINDOWS\dmjbs.dat
2004-08-10 21:01 3,063 --sha-w C:\WINDOWS\dogsl.dat
2004-07-28 09:44 11,591 --sha-w C:\WINDOWS\dtipq.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\dvuwo.dat
2004-08-01 22:09 11,591 --sha-w C:\WINDOWS\ebpzk.dat
2004-11-02 19:18 11,591 --sha-w C:\WINDOWS\ecbro.dat
2004-07-28 22:34 3,063 --sha-w C:\WINDOWS\edqxj.dat
2004-07-15 04:39 3,063 --sha-w C:\WINDOWS\eejqq.dat
2004-08-05 05:50 11,591 --sha-w C:\WINDOWS\efmvf.dat
2004-07-27 06:19 11,591 --sha-w C:\WINDOWS\ejaoo.dat
2004-07-19 10:34 3,063 --sha-w C:\WINDOWS\esdlm.dat
2004-07-24 06:32 11,591 --sha-w C:\WINDOWS\etfvy.dat
2004-07-26 20:09 3,063 --sha-w C:\WINDOWS\eyjlt.dat
2004-07-28 21:24 11,591 --sha-w C:\WINDOWS\fgwht.dat
2004-07-29 17:48 11,591 --sha-w C:\WINDOWS\fhdsq.dat
2004-07-27 07:45 3,063 --sha-w C:\WINDOWS\fjuhl.dat
2004-08-07 14:47 11,591 --sha-w C:\WINDOWS\fkdpv.dat
2004-08-11 12:15 11,591 --sha-w C:\WINDOWS\fqrcj.dat
2004-10-25 00:35 0 --sha-w C:\WINDOWS\gczvs.dll
2004-07-28 12:25 3,063 --sha-w C:\WINDOWS\gejdf.dat
2004-08-04 19:41 11,591 --sha-w C:\WINDOWS\ggfba.dat
2004-08-08 15:12 3,063 --sha-w C:\WINDOWS\ghopi.dat
2004-07-28 15:08 11,591 --sha-w C:\WINDOWS\gmdxz.dat
2004-08-01 18:53 3,063 --sha-w C:\WINDOWS\gqeem.dat
2004-08-05 09:50 3,063 --sha-w C:\WINDOWS\grtwx.dat
2004-07-27 21:12 11,591 --sha-w C:\WINDOWS\gvkry.dat
2004-07-23 19:49 11,591 --sha-w C:\WINDOWS\gvvfr.dat
2005-01-12 21:00 3,347 --sha-w C:\WINDOWS\gwbnr.dat
2004-08-11 09:09 3,063 --sha-w C:\WINDOWS\gzedw.dat
2004-09-08 05:42 11,591 --sha-w C:\WINDOWS\heaky.dat
2004-07-30 23:41 11,591 --sha-w C:\WINDOWS\hutbs.dat
2004-11-06 14:46 11,591 --sha-w C:\WINDOWS\hutxg.dat
2004-07-29 02:26 11,591 --sha-w C:\WINDOWS\hvhpb.dat
2004-12-30 16:24 3,063 --sha-w C:\WINDOWS\isppn.dat
2004-09-29 03:16 3,063 --sha-w C:\WINDOWS\jaacl.dat
2004-08-07 04:49 11,591 --sha-w C:\WINDOWS\jaiyq.dat
2004-07-30 16:38 3,063 --sha-w C:\WINDOWS\jjgbn.dat
2004-08-18 12:53 3,063 --sha-w C:\WINDOWS\jlgsc.dat
2004-07-29 22:53 3,063 --sha-w C:\WINDOWS\jmuvj.dat
2004-08-06 00:42 3,063 --sha-w C:\WINDOWS\jokdo.dat
2004-10-04 04:50 3,063 --sha-w C:\WINDOWS\jsums.dat
2004-11-24 19:02 11,591 --sha-w C:\WINDOWS\jwwje.dat
2004-08-05 01:51 11,591 --sha-w C:\WINDOWS\kdvzk.dat
2004-07-20 08:29 11,591 --sha-w C:\WINDOWS\kesui.dat
2004-08-07 02:22 3,063 --sha-w C:\WINDOWS\krwfj.dat
2004-07-31 14:32 3,063 --sha-w C:\WINDOWS\kveyt.dat
2004-08-01 10:52 3,063 --sha-w C:\WINDOWS\kvxih.dat
2004-08-11 21:03 3,063 --sha-w C:\WINDOWS\kvxwm.dat
2004-08-08 18:08 11,591 --sha-w C:\WINDOWS\kwtgd.dat
2004-10-03 21:12 3,063 --sha-w C:\WINDOWS\lfeeg.dat
2004-07-21 09:25 11,591 --sha-w C:\WINDOWS\lpzpb.dat
2004-07-21 17:18 11,591 --sha-w C:\WINDOWS\lyejt.dat
2004-10-24 17:41 11,591 --sha-w C:\WINDOWS\lynal.dat
2004-09-29 07:19 11,591 --sha-w C:\WINDOWS\lynsq.dat
2004-08-09 22:55 11,591 --sha-w C:\WINDOWS\mazsx.dat
2004-08-05 09:43 3,063 --sha-w C:\WINDOWS\misie.dat
2004-09-10 18:58 11,591 --sha-w C:\WINDOWS\mpsgr.dat
2004-08-02 15:40 3,063 --sha-w C:\WINDOWS\myeuc.dat
2004-07-28 05:42 11,591 --sha-w C:\WINDOWS\ndbjk.dat
2004-07-20 05:01 2,569 --sha-w C:\WINDOWS\ndfwo.dat
2004-09-22 10:12 3,063 --sha-w C:\WINDOWS\ndjpz.dat
2004-08-04 00:06 3,063 --sha-w C:\WINDOWS\ndlwy.dat
2004-09-21 09:29 3,063 --sha-w C:\WINDOWS\nfprq.dat
2004-10-25 18:46 11,591 --sha-w C:\WINDOWS\nfzwj.dat
2004-07-31 18:32 3,063 --sha-w C:\WINDOWS\nijbw.dat
2004-08-04 18:10 11,591 --sha-w C:\WINDOWS\njjsq.dat
2004-10-13 14:47 11,591 --sha-w C:\WINDOWS\njlat.dat
2004-08-03 13:28 3,063 --sha-w C:\WINDOWS\nprzv.dat
2004-08-10 20:43 11,591 --sha-w C:\WINDOWS\nqmxq.dat
2004-08-12 02:28 11,591 --sha-w C:\WINDOWS\nrmuh.dat
2004-07-16 07:39 11,591 --sha-w C:\WINDOWS\nuedz.dat
2004-10-02 19:13 3,362 --sha-w C:\WINDOWS\nvwyv.dat
2004-12-29 16:43 3,063 --sha-w C:\WINDOWS\nwrns.dat
2004-07-19 09:37 11,591 --sha-w C:\WINDOWS\nzelh.dat
2004-07-29 00:21 3,063 --sha-w C:\WINDOWS\nzqyq.dat
2004-11-04 13:53 0 -csha-w C:\WINDOWS\n_sdhgps.dat
2004-08-26 05:49 0 --sha-w C:\WINDOWS\n_vrpxfx.dat
2004-11-06 12:19 0 -csha-w C:\WINDOWS\n_xeqiur.dat
2004-08-12 17:05 11,591 --sha-w C:\WINDOWS\obput.dat
2004-08-09 21:27 3,063 --sha-w C:\WINDOWS\oezbw.dat
2005-01-09 09:45 11,591 --sha-w C:\WINDOWS\ogczs.dat
2004-08-08 06:59 11,591 --sha-w C:\WINDOWS\ogdyi.dat
2004-07-20 16:06 3,063 --sha-w C:\WINDOWS\ogxsg.dat
2004-08-05 21:30 11,591 --sha-w C:\WINDOWS\oindw.dat
2004-07-19 20:35 11,591 --sha-w C:\WINDOWS\ojabj.dat
2004-08-05 20:21 11,591 --sha-w C:\WINDOWS\oktfy.dat
2004-08-01 20:34 3,063 --sha-w C:\WINDOWS\oqsmx.dat
2004-08-09 03:50 11,591 --sha-w C:\WINDOWS\orolk.dat
2004-08-02 16:15 11,591 --sha-w C:\WINDOWS\otajm.dat
2005-01-08 12:46 11,591 --sha-w C:\WINDOWS\ouign.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\ovnaz.dat
2004-07-21 03:28 3,063 --sha-w C:\WINDOWS\owcot.dat
2005-01-08 12:46 3,063 --sha-w C:\WINDOWS\owdsp.dat
2004-08-22 01:26 11,591 --sha-w C:\WINDOWS\owkbh.dat
2004-08-09 14:19 11,591 --sha-w C:\WINDOWS\oxmxe.dat
2004-08-08 14:59 11,591 --sha-w C:\WINDOWS\oxzql.dat
2005-01-03 02:22 3,063 --sha-w C:\WINDOWS\oztga.dat
2004-08-11 22:46 11,591 --sha-w C:\WINDOWS\pbdpr.dat
2004-09-29 08:35 3,063 --sha-w C:\WINDOWS\piina.dat
2004-10-06 15:51 11,591 --sha-w C:\WINDOWS\pjdlo.dat
2004-08-24 03:09 3,063 --sha-w C:\WINDOWS\pmjnv.dat
2004-08-12 02:00 3,063 --sha-w C:\WINDOWS\pnbgw.dat
2004-08-13 16:54 11,591 --sha-w C:\WINDOWS\pnnbs.dat
2004-12-22 07:04 11,591 --sha-w C:\WINDOWS\pydeu.dat
2004-08-04 15:31 3,063 --sha-w C:\WINDOWS\pzire.dat
2004-08-01 16:34 11,591 --sha-w C:\WINDOWS\pzuea.dat
2004-10-15 14:54 11,591 --sha-w C:\WINDOWS\qagxk.dat
2004-11-05 21:36 3,347 --sha-w C:\WINDOWS\qaypk.dat
2004-08-03 19:11 11,591 --sha-w C:\WINDOWS\qevbx.dat
2004-07-22 18:13 3,063 --sha-w C:\WINDOWS\qjyei.dat
2004-07-30 01:28 11,591 --sha-w C:\WINDOWS\qltcw.dat
2004-10-26 08:37 3,063 --sha-w C:\WINDOWS\qpywd.dat
2004-07-23 12:42 3,063 --sha-w C:\WINDOWS\qvxee.dat
2004-08-30 07:34 11,591 --sha-w C:\WINDOWS\qzqhd.dat
2005-10-21 17:52 11,591 --sha-w C:\WINDOWS\rftnj.dat
2004-09-15 22:43 11,591 --sha-w C:\WINDOWS\rhhrr.dat
2004-08-15 16:52 3,063 --sha-w C:\WINDOWS\rjnbk.dat
2004-08-12 19:58 11,591 --sha-w C:\WINDOWS\rljfo.dat
2004-07-28 16:05 11,591 --sha-w C:\WINDOWS\rsisp.dat
2004-09-08 19:33 3,063 --sha-w C:\WINDOWS\rvrlw.dat
2004-07-20 23:42 3,063 --sha-w C:\WINDOWS\rwypo.dat
2004-09-11 02:50 11,591 --sha-w C:\WINDOWS\rzvze.dat
2004-08-11 21:44 3,063 --sha-w C:\WINDOWS\shqsy.dat
2005-01-16 19:49 3,063 --sha-w C:\WINDOWS\sjlsz.dat
2004-07-23 22:24 11,591 --sha-w C:\WINDOWS\slaig.dat
2004-08-13 05:40 3,063 --sha-w C:\WINDOWS\snjsz.dat
2004-09-05 08:33 11,591 --sha-w C:\WINDOWS\svcaz.dat
2004-08-05 01:58 11,591 --sha-w C:\WINDOWS\szfca.dat
2004-11-24 19:49 3,063 --sha-w C:\WINDOWS\szqvg.dat
2004-07-23 19:28 11,591 --sha-w C:\WINDOWS\takpi.dat
2004-07-24 07:43 3,063 --sha-w C:\WINDOWS\tczen.dat
2004-08-14 17:52 3,063 --sha-w C:\WINDOWS\tonme.dat
2004-10-17 02:45 3,362 --sha-w C:\WINDOWS\ttezl.dat
2004-09-08 23:43 11,591 --sha-w C:\WINDOWS\ttkap.dat
2004-11-16 22:24 11,591 --sha-w C:\WINDOWS\tzffe.dat
2004-07-17 07:37 3,063 --sha-w C:\WINDOWS\uiibd.dat
2004-08-14 23:44 11,591 --sha-w C:\WINDOWS\ukbcr.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\uohgw.dat
2004-11-25 12:19 11,591 --sha-w C:\WINDOWS\uqdiw.dat
2004-10-24 14:54 11,591 --sha-w C:\WINDOWS\uunnf.dat
2004-08-02 07:37 3,063 --sha-w C:\WINDOWS\uwhnv.dat
2004-08-07 23:05 11,591 --sha-w C:\WINDOWS\uynzk.dat
2004-07-13 23:18 3,063 --sha-w C:\WINDOWS\vefou.dat
2004-08-05 07:36 11,591 --sha-w C:\WINDOWS\vjmwl.dat
2004-07-21 02:28 3,063 --sha-w C:\WINDOWS\vjnrv.dat
2004-10-22 10:24 11,591 --sha-w C:\WINDOWS\vjpkn.dat
2004-09-22 13:39 11,591 --sha-w C:\WINDOWS\vlmbx.dat
2004-08-06 00:34 11,591 --sha-w C:\WINDOWS\vymlo.dat
2004-07-22 13:29 3,063 --sha-w C:\WINDOWS\vzctz.dat
2004-07-20 19:35 11,591 --sha-w C:\WINDOWS\wjpge.dat
2005-10-15 20:30 11,591 --sha-w C:\WINDOWS\wmyvd.dat
2005-10-15 20:30 3,063 --sha-w C:\WINDOWS\woggi.dat
2004-08-10 10:17 3,063 --sha-w C:\WINDOWS\wpwls.dat
2004-07-18 21:43 11,591 --sha-w C:\WINDOWS\wrsjn.dat
2004-07-14 09:28 11,591 --sha-w C:\WINDOWS\wtdtx.dat
2004-08-05 17:29 11,591 --sha-w C:\WINDOWS\xadjo.dat
2004-07-24 21:21 11,591 --sha-w C:\WINDOWS\xajtt.dat
2004-07-21 20:52 11,591 --sha-w C:\WINDOWS\xckqh.dat
2004-07-27 21:44 3,063 --sha-w C:\WINDOWS\xfaga.dat
2004-08-04 13:49 11,591 --sha-w C:\WINDOWS\xfmpq.dat
2004-11-10 12:16 3,063 --sha-w C:\WINDOWS\xknkd.dat
2004-07-29 14:22 11,591 --sha-w C:\WINDOWS\xmjir.dat
2004-10-13 06:10 3,362 --sha-w C:\WINDOWS\xmzdy.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\xqovx.dat
2004-08-05 01:32 11,591 --sha-w C:\WINDOWS\xuqyo.dat
2004-08-01 19:18 11,591 --sha-w C:\WINDOWS\xvlfl.dat
2004-07-28 21:17 3,063 --sha-w C:\WINDOWS\xwdst.dat
2004-07-18 06:40 11,591 --sha-w C:\WINDOWS\xxgel.dat
2004-08-05 04:33 11,591 --sha-w C:\WINDOWS\xyzqo.dat
2004-07-21 07:53 3,063 --sha-w C:\WINDOWS\ykizd.dat
2004-10-24 04:55 11,591 --sha-w C:\WINDOWS\ytzvb.dat
2004-10-19 10:35 11,591 --sha-w C:\WINDOWS\yznyh.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\yzyhx.dat
2004-10-25 14:06 3,362 --sha-w C:\WINDOWS\yzzba.dat
2004-10-11 12:46 3,063 --sha-w C:\WINDOWS\zexiz.dat
2004-07-20 10:13 11,591 --sha-w C:\WINDOWS\zgtgv.dat
2004-07-29 08:29 11,591 --sha-w C:\WINDOWS\zhvlq.dat
2004-08-06 18:41 3,063 --sha-w C:\WINDOWS\zogde.dat
2004-07-20 08:00 3,063 --sha-w C:\WINDOWS\ztdqe.dat
2004-08-04 19:28 3,063 --sha-w C:\WINDOWS\zxznu.dat
2004-09-11 16:35 56,832 --sha-w C:\WINDOWS\SYSTEM32\artoy.dll
2004-08-06 17:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\aycog.dat
2004-08-03 17:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\bbrkw.dat
2004-07-22 07:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\bcefl.dat
2004-08-15 12:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\bjdzk.dat
2004-07-24 20:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\blptf.dat
2004-07-30 08:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\bodau.dat
2004-07-25 10:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\bswam.dat
2004-08-06 16:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\bxyuj.dat
2004-08-02 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\capkn.dat
2004-08-06 16:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\cbefv.dat
2004-08-11 11:22 3,063 --sha-w C:\WINDOWS\SYSTEM32\cemrs.dat
2004-07-29 21:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\cevrv.dat
2004-08-03 05:43 3,063 --sha-w C:\WINDOWS\SYSTEM32\cnyci.dat
2004-07-25 10:44 3,063 --sha-w C:\WINDOWS\SYSTEM32\cqklv.dat
2004-08-06 12:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\czpuf.dat
2004-07-21 03:27 3,063 --sha-w C:\WINDOWS\SYSTEM32\dbteq.dat
2004-10-04 10:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ddeli.dat
2004-07-13 02:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\dibfo.dat
2004-07-22 23:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\dklng.dat
2004-07-30 21:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnrul.dat
2004-07-24 11:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\dnvhr.dat
2004-07-30 04:29 11,591 --sha-w C:\WINDOWS\SYSTEM32\dtamz.dat
2004-07-28 09:14 11,591 --sha-w C:\WINDOWS\SYSTEM32\dvsnb.dat
2004-08-06 11:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebied.dat
2004-07-18 16:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebkdr.dat
2004-09-13 21:56 3,063 --sha-w C:\WINDOWS\SYSTEM32\ecbfh.dat
2004-07-14 14:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\eczje.dat
2004-07-19 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\edjxl.dat
2004-10-13 20:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\egbev.dat
2004-07-24 16:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\enfko.dat
2004-10-21 04:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\eqwdj.dat
2004-08-06 19:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\fegzd.dat
2004-08-01 02:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ffjcn.dat
2004-08-02 15:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\ffvtg.dat
2004-08-10 02:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\fnelk.dat
2004-08-04 05:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\fueav.dat
2004-08-31 20:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\fwawd.dat
2004-08-02 15:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyqgn.dat
2004-08-01 17:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\gbcfr.dat
2004-08-09 17:26 3,063 --sha-w C:\WINDOWS\SYSTEM32\gkkfb.dat
2004-08-10 16:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\gmcxg.dat
2004-08-11 19:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\grtxf.dat
2004-07-15 20:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gtnlk.dat
2004-07-29 14:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\gyrfb.dat
2004-07-21 20:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\hdsau.dat
2004-07-30 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\hiawa.dat
2004-07-22 03:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\hjidg.dat
2004-07-19 12:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\hnbdg.dat
2004-08-06 09:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\hpljt.dat
2004-07-30 01:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\hvgbo.dat
2004-07-23 09:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ibzlo.dat
2004-07-15 23:47 11,591 --sha-w C:\WINDOWS\SYSTEM32\ilckq.dat
2004-07-31 13:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\iyeqi.dat
2004-08-04 11:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\jceuy.dat
2004-08-18 18:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\jesmj.dat
2004-07-24 13:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\jeuue.dat
2004-07-25 18:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\jfwty.dat
2004-08-10 19:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\jgpbr.dat
2004-07-25 16:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\jijsu.dat
2004-07-21 10:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\jkiwh.dat
2004-08-02 01:54 11,591 --sha-w C:\WINDOWS\SYSTEM32\jorrt.dat
2004-08-01 23:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\jsfqh.dat
2004-07-23 04:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\jvlzm.dat
2004-07-16 03:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxawo.dat
2004-07-27 07:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\jxbak.dat
2004-07-13 14:43 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbeon.dat
2004-07-27 18:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\kbuzm.dat
2004-07-31 05:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdadr.dat
2004-07-23 03:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\kgxfv.dat
2004-08-09 21:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\kkibi.dat
2004-07-27 23:48 3,063 --sha-w C:\WINDOWS\SYSTEM32\kmpuf.dat
2004-08-13 09:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\knxtq.dat
2004-07-27 14:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\kxwqq.dat
2004-08-02 11:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\lcpus.dat
2004-08-13 17:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\ljjwe.dat
2004-08-03 07:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\lmlwn.dat
2004-08-05 14:37 3,063 --sha-w C:\WINDOWS\SYSTEM32\lvwzp.dat
2004-07-14 02:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\lwsxl.dat
2004-07-30 07:04 430 --sha-w C:\WINDOWS\SYSTEM32\mfcic32.dll
2004-07-27 13:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\mfekj.dat
2004-10-21 18:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\mhlaw.dat
2004-08-01 08:05 3,063 --sha-w C:\WINDOWS\SYSTEM32\mntmc.dat
2004-07-31 15:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\morbp.dat
2004-08-07 22:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\mrxnp.dat
2004-08-12 16:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\mshcw.dat
2004-07-21 10:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxlcb.dat
2004-08-08 15:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\mxokx.dat
2004-10-16 12:14 3,063 --sha-w C:\WINDOWS\SYSTEM32\njnmf.dat
2004-10-18 14:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\nlaxa.dat
2004-09-26 01:42 11,591 --sha-w C:\WINDOWS\SYSTEM32\nnvvn.dat
2004-07-19 03:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\nqkcl.dat
2004-07-15 07:58 3,063 --sha-w C:\WINDOWS\SYSTEM32\nvmoj.dat
2004-07-22 15:13 11,591 --sha-w C:\WINDOWS\SYSTEM32\nximf.dat
2004-07-16 08:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\obfsp.dat
2004-07-13 17:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\obqyc.dat
2004-08-03 23:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\ocwol.dat
2004-08-02 00:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\ojigs.dat
2004-08-01 02:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\okutl.dat
2004-08-11 19:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\oqdor.dat
2004-08-11 07:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\payse.dat
2004-07-11 00:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\petdc.dat
2004-07-09 17:13 0 -csha-w C:\WINDOWS\SYSTEM32\pfvqa.dll
2004-07-20 14:20 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgdbn.dat
2004-10-07 05:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pgziy.dat
2004-07-25 07:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\phqdl.dat
2004-10-27 07:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\poixd.dat
2004-07-27 20:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\pszct.dat
2004-07-21 05:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\ptpbi.dat
2004-08-09 14:15 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvrdh.dat
2004-10-12 04:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\pvuzh.dat
2004-08-20 11:02 3,063 --sha-w C:\WINDOWS\SYSTEM32\qfvhg.dat
2004-07-17 01:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qghsd.dat
2004-08-05 11:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\qhzhh.dat
2004-07-19 15:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\qllrv.dat
2004-07-22 19:49 11,591 --sha-w C:\WINDOWS\SYSTEM32\qmuuh.dat
2004-08-07 03:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\qsntd.dat
2004-09-30 06:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\qsovv.dat
2004-09-23 19:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\qujur.dat
2004-07-15 13:18 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvaod.dat
2004-08-05 14:29 3,063 --sha-w C:\WINDOWS\SYSTEM32\qwlas.dat
2004-09-22 02:56 0 -csha-w C:\WINDOWS\SYSTEM32\qxphf.dll
2004-08-09 07:01 3,063 --sha-w C:\WINDOWS\SYSTEM32\rafbx.dat
2004-10-07 05:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\rbsiq.dat
2004-08-23 19:04 11,591 --sha-w C:\WINDOWS\SYSTEM32\rdlxt.dat
2004-09-08 15:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\rfmtd.dat
2004-09-30 13:52 0 -csha-w C:\WINDOWS\SYSTEM32\rownh.dll
2004-07-22 04:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\rqinq.dat
2004-07-18 16:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\rurag.dat
2004-08-07 07:10 0 -csha-w C:\WINDOWS\SYSTEM32\rvgoz.dat
2004-08-04 13:07 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxjgc.dat
2004-07-29 02:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\rzeey.dat
2004-07-13 13:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\scpak.dat
2004-07-25 17:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdbwv.dat
2004-07-29 07:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\sdcgr.dat
2004-08-05 15:10 11,591 --sha-w C:\WINDOWS\SYSTEM32\snxef.dat
2004-07-30 12:10 3,063 --sha-w C:\WINDOWS\SYSTEM32\sobhe.dat
2004-07-21 11:34 3,063 --sha-w C:\WINDOWS\SYSTEM32\soogr.dat
2004-07-14 09:22 11,591 --sha-w C:\WINDOWS\SYSTEM32\sxblt.dat
2004-08-06 19:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\syxfz.dat
2004-07-17 13:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\tbuvk.dat
2004-07-22 05:30 11,591 --sha-w C:\WINDOWS\SYSTEM32\thbdw.dat
2004-10-27 17:59 11,591 --sha-w C:\WINDOWS\SYSTEM32\thlwb.dat
2004-07-30 05:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\tjeru.dat
2004-08-02 01:03 3,063 --sha-w C:\WINDOWS\SYSTEM32\totuq.dat
2004-07-29 10:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\tvdhe.dat
2004-07-14 22:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\tygej.dat
2004-07-19 21:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\udhls.dat
2004-08-13 15:00 3,063 --sha-w C:\WINDOWS\SYSTEM32\uiulx.dat
2004-07-27 11:03 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcsbs.dat
2004-07-20 19:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\vdisz.dat
2004-07-17 04:38 3,063 --sha-w C:\WINDOWS\SYSTEM32\veriw.dat
2004-10-28 14:00 11,591 --sha-w C:\WINDOWS\SYSTEM32\vhyao.dat
2004-08-14 16:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\viout.dat
2004-07-30 13:19 3,063 --sha-w C:\WINDOWS\SYSTEM32\vipaa.dat
2004-07-13 18:43 0 -csha-w C:\WINDOWS\SYSTEM32\vkars.dll
2004-07-16 23:28 11,591 --sha-w C:\WINDOWS\SYSTEM32\vkrfz.dat
2004-07-16 06:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\vkspx.dat
2004-08-07 01:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\vnbmi.dat
2004-09-30 17:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\vrlbr.dat
2005-01-16 18:51 0 -csha-w C:\WINDOWS\SYSTEM32\vsnne.dll
2004-08-07 08:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\vytvg.dat
2004-07-21 00:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\wdtwy.dat
2004-09-14 06:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\wfkqw.dat
2004-07-21 16:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wmeiw.dat
2004-07-13 18:35 3,063 --sha-w C:\WINDOWS\SYSTEM32\wplos.dat
2004-07-22 10:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\wpvtn.dat
2004-07-21 01:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\wqgnf.dat
2004-10-16 04:48 3,362 --sha-w C:\WINDOWS\SYSTEM32\wvkme.dat
2004-07-29 15:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\wyluv.dat
2004-08-09 21:28 3,063 --sha-w C:\WINDOWS\SYSTEM32\xaruh.dat
2004-07-23 23:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xswhq.dat
2004-07-26 10:41 3,063 --sha-w C:\WINDOWS\SYSTEM32\xvfdf.dat
2004-08-06 00:57 3,063 --sha-w C:\WINDOWS\SYSTEM32\xwslt.dat
2004-11-16 14:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\xyjrl.dat
2004-07-26 06:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\yfode.dat
2004-08-09 16:17 3,063 --sha-w C:\WINDOWS\SYSTEM32\yhikc.dat
2004-07-26 23:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynhpr.dat
2004-08-11 15:02 11,591 --sha-w C:\WINDOWS\SYSTEM32\yqbmr.dat
2004-10-12 15:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\yrsli.dat
2004-11-04 13:51 0 -csha-w C:\WINDOWS\SYSTEM32\ywfgj.dll
2004-08-13 09:15 3,063 --sha-w C:\WINDOWS\SYSTEM32\yzhky.dat
2004-08-07 21:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhggo.dat
2004-10-31 18:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\zlfvi.dat
2004-08-11 21:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\znrdw.dat
2004-07-24 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\zpbrk.dat
2004-07-27 10:52 11,591 --sha-w C:\WINDOWS\SYSTEM32\zspjc.dat
2004-08-28 08:09 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyomv.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-29_17.18.05.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 10:05:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-08 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-08 151597]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-27 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
S3 PentaxUsb;PENTAX Optio E10 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 PentaxVc;PENTAX Optio E10 Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256]

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 09:09:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????x??????????????w????????????j??w????x???x??????????????

scanning hidden files ...

C:\WINDOWS\zexiz.dat:spsyt 56832 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-30 9:11:57
ComboFix-quarantined-files.txt 2008-10-30 14:11:48
ComboFix2.txt 2008-10-30 13:46:51
ComboFix3.txt 2008-10-30 10:27:17
ComboFix4.txt 2008-10-30 03:10:33
ComboFix5.txt 2008-10-30 13:55:02

Pre-Run: 32,198,774,784 bytes free
Post-Run: 32,186,413,056 bytes free

537 --- E O F --- 2008-10-30 04:33:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:30 AM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A1C1AC-BD54-4631-A16F-0D38205A5D3A}: NameServer = 205.152.37.23 205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 5796 bytes

ken545 · Oct 30, 2008

Those files may not be present or something is putting them back ??

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\zexiz.dat
C:\WINDOWS\sthcl.dat
C:\WINDOWS\submit2.exe
C:\Program Files\Common Files\submit2.exe
C:\WINDOWS\acpbr.dat
C:\WINDOWS\adxbd.dat
C:\WINDOWS\aeyxd.dat
C\WINDOWS\afkuk.dat
C:\WINDOWS\atpqn.dat
C:\WINDOWS\axnca.dat
C:\WINDOWS\betdd.dat
C:\WINDOWS\bluhe.dat
C:\WINDOWS\bmusf.dat
C:\WINDOWS\bofpj.dat
C:\WINDOWS\bpjka.dat
C:\WINDOWS\btffy.dat
C:\WINDOWS\bvoqs.dat
C:\WINDOWS\bwivf.dat
C:\WINDOWS\bwrcz.dat
C:\WINDOWS\cbbjj.dat
C:\WINDOWS\cevvj.dat
C:\WINDOWS\cgsbj.dat
C:\WINDOWS\cshqp.dat
C:\WINDOWS\csklt.dat
C:\WINDOWS\cstlr.dat
C:\WINDOWS\dmjbs.dat
C:\WINDOWS\dogsl.dat
C:\WINDOWS\dtipq.dat
C:\WINDOWS\dvuwo.dat
C:\WINDOWS\ebpzk.dat
C:\WINDOWS\ecbro.dat
C:\WINDOWS\edqxj.dat
C:\WINDOWS\eejqq.dat
C:\WINDOWS\efmvf.dat
C:\WINDOWS\ejaoo.dat
C:\WINDOWS\esdlm.dat
C:\WINDOWS\etfvy.dat
C:\WINDOWS\eyjlt.dat
C:\WINDOWS\fgwht.dat
C:\WINDOWS\fhdsq.dat
C:\WINDOWS\fjuhl.dat
C:\WINDOWS\fkdpv.dat
C:\WINDOWS\fqrcj.dat
C:\WINDOWS\gczvs.dll
C:\WINDOWS\gejdf.dat
C:\WINDOWS\ggfba.dat
C:\WINDOWS\ghopi.dat
C:\WINDOWS\gmdxz.dat
C:\WINDOWS\gqeem.dat
C:\WINDOWS\grtwx.dat
C:\WINDOWS\gvkry.dat
C:\WINDOWS\gvvfr.dat
C:\WINDOWS\gwbnr.dat
C:\WINDOWS\gzedw.dat
C:\WINDOWS\heaky.dat
C:\WINDOWS\hutbs.dat
C:\WINDOWS\hutxg.dat
C:\WINDOWS\hvhpb.dat
C:\WINDOWS\isppn.dat
C:\WINDOWS\jaacl.dat
C:\WINDOWS\jaiyq.dat
C:\WINDOWS\jjgbn.dat
C:\WINDOWS\jlgsc.dat
C:\WINDOWS\jmuvj.dat
C:\WINDOWS\jokdo.dat
C:\WINDOWS\jsums.dat
C:\WINDOWS\jwwje.dat
C:\WINDOWS\kdvzk.dat
C:\WINDOWS\kesui.dat
C:\WINDOWS\krwfj.dat
C:\WINDOWS\kveyt.dat
C:\WINDOWS\kvxih.dat
C:\WINDOWS\kvxwm.dat
C:\WINDOWS\kwtgd.dat
C:\WINDOWS\lfeeg.dat
C:\WINDOWS\lpzpb.dat
C:\WINDOWS\lyejt.dat
C:\WINDOWS\lynal.dat
C:\WINDOWS\lynsq.dat
C:\WINDOWS\mazsx.dat
C:\WINDOWS\misie.dat
C:\WINDOWS\mpsgr.dat
C:\WINDOWS\myeuc.dat
C:\WINDOWS\ndbjk.dat
C:\WINDOWS\ndfwo.dat
C:\WINDOWS\ndjpz.dat
C:\WINDOWS\ndlwy.dat
C:\WINDOWS\nfprq.dat
C:\WINDOWS\nfzwj.dat
C:\WINDOWS\nijbw.dat
C:\WINDOWS\njjsq.dat
C:\WINDOWS\njlat.dat
C:\WINDOWS\nprzv.dat
C:\WINDOWS\nqmxq.dat
C:\WINDOWS\nrmuh.dat
C:\WINDOWS\nuedz.dat
C:\WINDOWS\nvwyv.dat
C:\WINDOWS\nwrns.dat
C:\WINDOWS\nzelh.dat
C:\WINDOWS\nzqyq.dat
C:\WINDOWS\n_sdhgps.dat
C:\WINDOWS\n_vrpxfx.dat
C:\WINDOWS\n_xeqiur.dat
C:\WINDOWS\obput.dat
C:\WINDOWS\oezbw.dat
C:\WINDOWS\ogczs.dat
C:\WINDOWS\ogdyi.dat
C:\WINDOWS\ogxsg.dat
C:\WINDOWS\oindw.dat
C:\WINDOWS\ojabj.dat
C:\WINDOWS\oktfy.dat
C:\WINDOWS\oqsmx.dat
C:\WINDOWS\orolk.dat
C:\WINDOWS\otajm.dat
C:\WINDOWS\ouign.dat
C:\WINDOWS\ovnaz.dat
C:\WINDOWS\owcot.dat
C:\WINDOWS\owdsp.dat
C:\WINDOWS\owkbh.dat
C:\WINDOWS\oxmxe.dat
C:\WINDOWS\oxzql.dat
C:\WINDOWS\oztga.dat
C:\WINDOWS\pbdpr.dat
C:\WINDOWS\piina.dat
C:\WINDOWS\pjdlo.dat
C:\WINDOWS\pmjnv.dat
C:\WINDOWS\pnbgw.dat
C:\WINDOWS\pnnbs.dat
C:\WINDOWS\pydeu.dat
C:\WINDOWS\pzire.dat
C:\WINDOWS\pzuea.dat
C:\WINDOWS\qagxk.dat
C:\WINDOWS\qaypk.dat
C:\WINDOWS\qevbx.dat
C:\WINDOWS\qjyei.dat
C:\WINDOWS\qltcw.dat
C:\WINDOWS\qpywd.dat
C:\WINDOWS\qvxee.dat
C:\WINDOWS\qzqhd.dat
C:\WINDOWS\rftnj.dat
C:\WINDOWS\rhhrr.dat
C:\WINDOWS\rjnbk.dat
C:\WINDOWS\rljfo.dat
C:\WINDOWS\rsisp.dat
C:\WINDOWS\rvrlw.dat
C:\WINDOWS\rwypo.dat
C:\WINDOWS\rzvze.dat
C:\WINDOWS\shqsy.dat
C:\WINDOWS\sjlsz.dat
C:\WINDOWS\slaig.dat
C:\WINDOWS\snjsz.dat
C:\WINDOWS\svcaz.dat
C:\WINDOWS\szfca.dat
C:\WINDOWS\szqvg.dat
C:\WINDOWS\takpi.dat
C:\WINDOWS\tczen.dat
C:\WINDOWS\tonme.dat
C:\WINDOWS\ttezl.dat
C:\WINDOWS\ttkap.dat
C:\WINDOWS\tzffe.dat
C:\WINDOWS\uiibd.dat
C:\WINDOWS\ukbcr.dat
C:\WINDOWS\uohgw.dat
C:\WINDOWS\uqdiw.dat
C:\WINDOWS\uwhnv.dat
C:\WINDOWS\uynzk.dat
C:\WINDOWS\vefou.dat
C:\WINDOWS\vjmwl.dat
C:\WINDOWS\vjnrv.dat
C:\WINDOWS\vjpkn.dat
C:\WINDOWS\vlmbx.dat
C:\WINDOWS\vymlo.dat
C:\WINDOWS\vzctz.dat
C:\WINDOWS\wjpge.dat
C:\WINDOWS\wmyvd.dat
C:\WINDOWS\woggi.dat
C:\WINDOWS\wpwls.dat
C:\WINDOWS\wrsjn.dat
C:\WINDOWS\wtdtx.dat
C:\WINDOWS\xadjo.dat
C:\WINDOWS\xajtt.dat
C:\WINDOWS\xckqh.dat
C:\WINDOWS\xfaga.dat
C:\WINDOWS\xfmpq.dat
C:\WINDOWS\xknkd.dat
C:\WINDOWS\xmjir.dat
C:\WINDOWS\xmzdy.dat
C:\WINDOWS\xqovx.dat
C:\WINDOWS\xuqyo.dat
C:\WINDOWS\xvlfl.dat
C:\WINDOWS\xwdst.dat
C:\WINDOWS\xxgel.dat
C:\WINDOWS\xyzqo.dat
C:\WINDOWS\ytzvb.dat
C:\WINDOWS\yznyh.dat
C:\WINDOWS\yzyhx.dat
C:\WINDOWS\yzzba.dat
C:\WINDOWS\zexiz.dat
C:\WINDOWS\zgtgv.dat
C:\WINDOWS\zhvlq.dat
C:\WINDOWS\zogde.dat
C:\WINDOWS\ztdqe.dat
C:\WINDOWS\zxznu.dat
C:\WINDOWS\SYSTEM32\artoy.dll
C:\WINDOWS\SYSTEM32\aycog.dat
C:\WINDOWS\SYSTEM32\bbrkw.dat
C:\WINDOWS\SYSTEM32\bcefl.dat
C:\WINDOWS\SYSTEM32\bjdzk.dat
C:\WINDOWS\SYSTEM32\blptf.dat
C:\WINDOWS\SYSTEM32\bodau.dat
C:\WINDOWS\SYSTEM32\bswam.dat
C:\WINDOWS\SYSTEM32\bxyuj.dat
C:\WINDOWS\SYSTEM32\capkn.dat
C:\WINDOWS\SYSTEM32\cbefv.dat
C:\WINDOWS\SYSTEM32\cemrs.dat
C:\WINDOWS\SYSTEM32\cevrv.dat
C:\WINDOWS\SYSTEM32\cnyci.dat
C:\WINDOWS\SYSTEM32\cqklv.dat
C:\WINDOWS\SYSTEM32\czpuf.dat
C:\WINDOWS\SYSTEM32\dbteq.dat
C:\WINDOWS\SYSTEM32\ddeli.dat
C:\WINDOWS\SYSTEM32\dibfo.dat
C:\WINDOWS\SYSTEM32\dklng.dat
C:\WINDOWS\SYSTEM32\dnrul.dat
C:\WINDOWS\SYSTEM32\dnvhr.dat
C:\WINDOWS\SYSTEM32\dtamz.dat
C:\WINDOWS\SYSTEM32\dvsnb.dat
C:\WINDOWS\SYSTEM32\ebied.dat
C:\WINDOWS\SYSTEM32\ebkdr.dat
C:\WINDOWS\SYSTEM32\ecbfh.dat
C:\WINDOWS\SYSTEM32\eczje.dat
C:\WINDOWS\SYSTEM32\edjxl.dat
C:\WINDOWS\SYSTEM32\egbev.dat
C:\WINDOWS\SYSTEM32\enfko.dat
C:\WINDOWS\SYSTEM32\eqwdj.dat
C:\WINDOWS\SYSTEM32\fegzd.dat
C:\WINDOWS\SYSTEM32\ffjcn.dat
C:\WINDOWS\SYSTEM32\ffvtg.dat
C:\WINDOWS\SYSTEM32\fnelk.dat
C:\WINDOWS\SYSTEM32\fueav.dat
C:\WINDOWS\SYSTEM32\fwawd.dat
C:\WINDOWS\SYSTEM32\fyqgn.dat
C:\WINDOWS\SYSTEM32\gbcfr.dat
C:\WINDOWS\SYSTEM32\gkkfb.dat
C:\WINDOWS\SYSTEM32\gmcxg.dat
C:\WINDOWS\SYSTEM32\grtxf.dat
C:\WINDOWS\SYSTEM32\gtnlk.dat
C:\WINDOWS\SYSTEM32\gyrfb.dat
C:\WINDOWS\SYSTEM32\hdsau.dat
C:\WINDOWS\SYSTEM32\hiawa.dat
C:\WINDOWS\SYSTEM32\hjidg.dat
C:\WINDOWS\SYSTEM32\hnbdg.dat
C:\WINDOWS\SYSTEM32\hpljt.dat
C:\WINDOWS\SYSTEM32\hvgbo.dat
C:\WINDOWS\SYSTEM32\ibzlo.dat
C:\WINDOWS\SYSTEM32\ilckq.dat
C:\WINDOWS\SYSTEM32\iyeqi.dat
C:\WINDOWS\SYSTEM32\jceuy.dat
C:\WINDOWS\SYSTEM32\jesmj.dat
C:\WINDOWS\SYSTEM32\jeuue.dat
C:\WINDOWS\SYSTEM32\jfwty.dat
C:\WINDOWS\SYSTEM32\jgpbr.dat
C:\WINDOWS\SYSTEM32\jijsu.dat
C:\WINDOWS\SYSTEM32\jkiwh.dat
C:\WINDOWS\SYSTEM32\jorrt.dat
C:\WINDOWS\SYSTEM32\jsfqh.dat
C:\WINDOWS\SYSTEM32\jvlzm.dat
C:\WINDOWS\SYSTEM32\jxawo.dat
C:\WINDOWS\SYSTEM32\jxbak.dat
C:\WINDOWS\SYSTEM32\kbeon.dat
C:\WINDOWS\SYSTEM32\kbuzm.dat
C:\WINDOWS\SYSTEM32\kdadr.dat
C:\WINDOWS\SYSTEM32\kgxfv.dat
C:\WINDOWS\SYSTEM32\kkibi.dat
C:\WINDOWS\SYSTEM32\kmpuf.dat
C:\WINDOWS\SYSTEM32\knxtq.dat
C:\WINDOWS\SYSTEM32\kxwqq.dat
C:\WINDOWS\SYSTEM32\lcpus.dat
C:\WINDOWS\SYSTEM32\ljjwe.dat
C:\WINDOWS\SYSTEM32\lmlwn.dat
C:\WINDOWS\SYSTEM32\lvwzp.dat
C:\WINDOWS\SYSTEM32\lwsxl.dat
C:\WINDOWS\SYSTEM32\mfcic32.dll
C:\WINDOWS\SYSTEM32\mfekj.dat
C:\WINDOWS\SYSTEM32\mhlaw.dat
C:\WINDOWS\SYSTEM32\mntmc.dat
C:\WINDOWS\SYSTEM32\morbp.dat
C:\WINDOWS\SYSTEM32\mrxnp.dat
C:\WINDOWS\SYSTEM32\mshcw.dat
C:\WINDOWS\SYSTEM32\mxlcb.dat
C:\WINDOWS\SYSTEM32\mxokx.dat
C:\WINDOWS\SYSTEM32\njnmf.dat
C:\WINDOWS\SYSTEM32\nlaxa.dat
C:\WINDOWS\SYSTEM32\nnvvn.dat
C:\WINDOWS\SYSTEM32\nqkcl.dat
C:\WINDOWS\SYSTEM32\nvmoj.dat
C:\WINDOWS\SYSTEM32\nximf.dat
C:\WINDOWS\SYSTEM32\obfsp.dat
C:\WINDOWS\SYSTEM32\obqyc.dat
C:\WINDOWS\SYSTEM32\ocwol.dat
C:\WINDOWS\SYSTEM32\okutl.dat
C:\WINDOWS\SYSTEM32\ojigs.dat
C:\WINDOWS\SYSTEM32\oqdor.dat
C:\WINDOWS\SYSTEM32\payse.dat
C:\WINDOWS\SYSTEM32\petdc.dat
C:\WINDOWS\SYSTEM32\pfvqa.dll
C:\WINDOWS\SYSTEM32\pgdbn.dat
C:\WINDOWS\SYSTEM32\pgziy.dat
C:\WINDOWS\SYSTEM32\phqdl.dat
C:\WINDOWS\SYSTEM32\poixd.dat
C:\WINDOWS\SYSTEM32\pszct.dat
C:\WINDOWS\SYSTEM32\ptpbi.dat
C:\WINDOWS\SYSTEM32\pvrdh.dat
C:\WINDOWS\SYSTEM32\pvuzh.dat
C:\WINDOWS\SYSTEM32\qfvhg.dat
C:\WINDOWS\SYSTEM32\qghsd.dat
C:\WINDOWS\SYSTEM32\qhzhh.dat
C:\WINDOWS\SYSTEM32\qllrv.dat
C:\WINDOWS\SYSTEM32\qmuuh.dat
C:\WINDOWS\SYSTEM32\qsntd.dat
C:\WINDOWS\SYSTEM32\qsovv.dat
C:\WINDOWS\SYSTEM32\qujur.dat
C:\WINDOWS\SYSTEM32\qvaod.dat
C:\WINDOWS\SYSTEM32\qwlas.dat
C:\WINDOWS\SYSTEM32\qxphf.dll
C:\WINDOWS\SYSTEM32\rafbx.dat
C:\WINDOWS\SYSTEM32\rbsiq.dat
C:\WINDOWS\SYSTEM32\rdlxt.dat
C:\WINDOWS\SYSTEM32\rfmtd.dat
C:\WINDOWS\SYSTEM32\rownh.dll
C:\WINDOWS\SYSTEM32\rqinq.dat
C:\WINDOWS\SYSTEM32\rurag.dat
C:\WINDOWS\SYSTEM32\rvgoz.dat
C:\WINDOWS\SYSTEM32\rxjgc.dat
C:\WINDOWS\SYSTEM32\rzeey.dat
C:\WINDOWS\SYSTEM32\scpak.dat
C:\WINDOWS\SYSTEM32\sdbwv.dat
C:\WINDOWS\SYSTEM32\sdcgr.dat
C:\WINDOWS\SYSTEM32\snxef.dat
C:\WINDOWS\SYSTEM32\sobhe.dat
C:\WINDOWS\SYSTEM32\soogr.dat
C:\WINDOWS\SYSTEM32\sxblt.dat
C:\WINDOWS\SYSTEM32\syxfz.dat
C:\WINDOWS\SYSTEM32\tbuvk.dat
C:\WINDOWS\SYSTEM32\thbdw.dat
C:\WINDOWS\SYSTEM32\thlwb.dat
C:\WINDOWS\SYSTEM32\tjeru.dat
C:\WINDOWS\SYSTEM32\totuq.dat
C:\WINDOWS\SYSTEM32\tvdhe.dat
C:\WINDOWS\SYSTEM32\tygej.dat
C:\WINDOWS\SYSTEM32\udhls.dat
C:\WINDOWS\SYSTEM32\uiulx.dat
C:\WINDOWS\SYSTEM32\vcsbs.dat
C:\WINDOWS\SYSTEM32\vdisz.dat
C:\WINDOWS\SYSTEM32\veriw.dat
C:\WINDOWS\SYSTEM32\vhyao.dat
C:\WINDOWS\SYSTEM32\viout.dat
C:\WINDOWS\SYSTEM32\vipaa.dat
C:\WINDOWS\SYSTEM32\vkars.dll
C:\WINDOWS\SYSTEM32\vkrfz.dat
C:\WINDOWS\SYSTEM32\vkspx.dat
C:\WINDOWS\SYSTEM32\vnbmi.dat
C:\WINDOWS\SYSTEM32\vrlbr.dat
C:\WINDOWS\SYSTEM32\vsnne.dll
C:\WINDOWS\SYSTEM32\vytvg.dat
C:\WINDOWS\SYSTEM32\wdtwy.dat
C:\WINDOWS\SYSTEM32\wfkqw.dat
C:\WINDOWS\SYSTEM32\wmeiw.dat
C:\WINDOWS\SYSTEM32\wplos.dat
C:\WINDOWS\SYSTEM32\wpvtn.dat
C:\WINDOWS\SYSTEM32\wqgnf.dat
C:\WINDOWS\SYSTEM32\wvkme.dat
C:\WINDOWS\SYSTEM32\wyluv.dat
C:\WINDOWS\SYSTEM32\xaruh.dat
C:\WINDOWS\SYSTEM32\xswhq.dat
C:\WINDOWS\SYSTEM32\xvfdf.dat
C:\WINDOWS\SYSTEM32\xwslt.dat
C:\WINDOWS\SYSTEM32\xyjrl.dat
C:\WINDOWS\SYSTEM32\yfode.dat
C:\WINDOWS\SYSTEM32\yhikc.dat
C:\WINDOWS\SYSTEM32\ynhpr.dat
C:\WINDOWS\SYSTEM32\yqbmr.dat
C:\WINDOWS\SYSTEM32\yrsli.dat
C:\WINDOWS\SYSTEM32\ywfgj.dll
C:\WINDOWS\SYSTEM32\yzhky.dat
C:\WINDOWS\SYSTEM32\zhggo.dat
C:\WINDOWS\SYSTEM32\zlfvi.dat
C:\WINDOWS\SYSTEM32\znrdw.dat
C:\WINDOWS\SYSTEM32\zpbrk.dat
C:\WINDOWS\SYSTEM32\zspjc.dat
C:\WINDOWS\SYSTEM32\zyomv.dat

Click to expand...
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

help with log please

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert