Vitumonde Infection

Hey peku006

Everything seems normal, I longer receive pop ups at system restart regarding specific .dll files (probably vundo). Do you think Vundo has been wiped from my system?
 
Hi 4daVii

We will run one online scan to be sure that there is nothing left.

1 - Update Java

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
  • A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12.

  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

  • Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    • Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache
      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

3 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
 
Hi peku006,

Sorry for the huge delay.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 19, 2009 11:00:13
Records in database: 1933434
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 189950
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 05:29:02


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\SYSTEM32\HAL.DLL\system32\vufosesa.dll.vir Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075405.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075411.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP389\A0075577.exe Infected: Trojan.Win32.Inject.pum 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP391\A0075704.dll Infected: Trojan.Win32.Agent2.erm 1
C:\WINDOWS\SYSTEM32\iocea.dll Infected: Trojan-Spy.Win32.Briss.s 1
C:\WINDOWS\SYSTEM32\touuuin.dll Infected: not-a-virus:AdWare.Win32.AdultIt.a 1
H:\MiSc\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22 PM, on 03-19-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\progra~1\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Local Settings\temp\jkos-Damien\binaries\ScanningProcess.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

F3 - REG:win.ini: load=""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\SYSTEM32\HAL.DLL\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12245 bytes
 
Hi 4daVii

Delete your version of SDFix and download a fresh copy........

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to use Safe Mode and you will not have access to this page.

1 - Download and Install SDFix
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

2 - Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

3- Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

4 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

6 - Status Check
Please reply with

1. the SDFix Report.txt(C:\SDFix\Report.txt)
2. the ComboFix log(C:\ComboFix.txt)
3. a fresh HijackThis log

Thanks peku006
 
SDFix Report too big for one post (72092 characters) and too large to attach (70.4 KB)


SDFix: Version 1.240
Run by Damien on 03-20-2009 at 08:21 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\MFVSE.EXE - Deleted
C:\OOTPNL.EXE - Deleted
C:\SYSTEM32\HAL.DLL\system32\ckl009.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 22:54:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:55ca492d
"s2"=dword:3e756b8f
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,fd,87,da,d4,58,76,48,f3,c0,09,02,d4,3f,1b,e9,71,d7,9c,e9,55,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,4e,b3,8f,71,92,39,52,e1,55,0f,08,aa,17,05,34,9e,fa,66,1c,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,e5,c3,ac,4b,97,28,e7,46,07,64,e1,f2,8b,f6,94,44,..
"khjeh"=hex:af,48,7d,16,80,38,a2,d5,f4,70,61,c2,3c,b1,73,6b,9f,b2,10,d6,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5b,9b,5d,d8,b7,25,af,b8,ba,53,0b,af,11,a3,b0,78,a6,ed,c6,98,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:17,a5,0e,2b,04,c2,ea,44,e8,b7,28,df,61,42,d5,64,fa,88,84,2d,05,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b8,6b,27,20,74,d1,ee,d5,e5,d8,17,d5,61,64,6b,8f,d0,51,b4,56,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,fd,87,da,d4,58,76,48,f3,c0,09,02,d4,3f,1b,e9,71,d7,9c,e9,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,4e,b3,8f,71,92,39,52,e1,55,0f,08,aa,17,05,34,9e,fa,66,1c,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,e5,c3,ac,4b,97,28,e7,46,07,64,e1,f2,8b,f6,94,44,..
"khjeh"=hex:af,48,7d,16,80,38,a2,d5,f4,70,61,c2,3c,b1,73,6b,9f,b2,10,d6,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5b,9b,5d,d8,b7,25,af,b8,ba,53,0b,af,11,a3,b0,78,a6,ed,c6,98,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:17,a5,0e,2b,04,c2,ea,44,e8,b7,28,df,61,42,d5,64,fa,88,84,2d,05,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b8,6b,27,20,74,d1,ee,d5,e5,d8,17,d5,61,64,6b,8f,d0,51,b4,56,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,fd,87,da,d4,58,76,48,f3,c0,09,02,d4,3f,1b,e9,71,d7,9c,e9,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,4e,b3,8f,71,92,39,52,e1,55,0f,08,aa,17,05,34,9e,fa,66,1c,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,e5,c3,ac,4b,97,28,e7,46,07,64,e1,f2,8b,f6,94,44,..
"khjeh"=hex:af,48,7d,16,80,38,a2,d5,f4,70,61,c2,3c,b1,73,6b,9f,b2,10,d6,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ca,53,74,d8,18,06,a9,a7,8d,81,ba,43,71,78,05,d0,9f,c8,df,87,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:8f,c9,27,ac,3a,77,b1,48,d2,f6,bc,7e,ee,d4,7c,5e,72,4e,e4,a0,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b8,6b,27,20,74,d1,ee,d5,e5,d8,17,d5,61,64,6b,8f,d0,51,b4,56,74,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="A6AD13F8A5DCC26F98683400B69FE63ED6F8405D8A1698CDBAB673F6A1A74C97AC61B4C19DF3310C856D8D60654BA1120735AB0FE807BF62D56E7E5FE2A2072310F1D645363105E4F2D3A1F3591D11E0064EAE8953B59D9164F7830DBE9217168CD0C5BA6B4651634211AF9B8757874F01DB16FB5498E560FDB3829D7A4631EFC041534B5DF36C26BCEE79B105531B3986CE388B9EBE91039BD480A3011ECE65AE5E57184C136FFD0C0CC6808FFD29AD8DE86BD285495BE8996207A36012AC5F3C1328B4228E3970C1D9E0C8865550EC6C408A5D836DC4AE3B39A11AC82CCC7A3421A62566656B37CE1D973FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452A2D97226D213B5554F6EBEBADED40E0E6034C7CF6A55B3870D469CB474D1000C3561F023DE95E06724964286395FB42CA302C2B5ACBBBD4CAEC5DDF26932AA88245F44C22CB52B299844870FCCF1190FA9D3CC1DE4622A8E6F9807D17D3EBC99F1D94B44D9A9AABEB5782B263E462EF655209FF4DD855D3B2DCC13FD45562DFA1514E234621986512B4A07D612686F14ADF3BBE347374431E680C0D9B8B3F75725E02BD0A9FEEAF7C9E43F5DB43BDA905DEC6143B45F4DC4406914FCB5DF1B51DFAA870E732D8BC208853728F2F07105333F96201DB3E9BE814ED232F9BA9CFC27EE211469C49932FE7F975E7E15B702A2B1263D5C459059168D0AF6ABF483E27DBEE2BD1ABF50BD6D374F56EF81398943209D0FB2F3BC478E9586FDD218DA028CBFFC1A75E86B4EB4A80F9EC0E703134DF850404177ED2A1E6C5DAEDCFCB2C9A1A9656D525F2A42DAE2CAF64F4E260AA1BF542C12D7259B1D29E5A218D21E202F4BD2AF6819536B89843DD2DD8CB84D448C02668D736AA607F639A83B9CB55C4785418B565B2F900FC7E15B92CF532F590AF9B4067BC6CB7C98B7C35D31154DA44E71611DC389EADD757BED78981677AD771C0EAC77CAFEC1E0052A7ABADA33242EE7C3A241B3A88AEA0F1A7D3B216130A88FA29ABF88A8BC3908C5F3382C444541EB7A309781EC4F1B64A5F460199AF104BE52CA0295A3FB9CEA360EFCAE28AEBA0A01F15F4CCB8B0D09079307A9482C05D7341CC08CC1AC9B9E4DF03010FB285F12877A0370D040DA4F6CF4FC7F7FB83BCC90D1D10F4525D95591294BFDD11F8819F0BFC24F799132CB371868CBCB964A536593DE3B675C12853DA69E2EADA423F5D419334D384CD4D6785DC2442C686966636D64BBD3EC0E6ABF3ECAD688EC31C57FC6BB52F1DC1A8EFB8DD7A415F4624371CDB539AA19AE843BA848344FD046696FE697CA82D3EB543E51C8276BA795EC2888F7E1FE4369960781610664CD0D035802D62936E9C84CEC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"\31jィ\16f\35g?"="-3 "
"\31jィ\xff740\xff770\xff830\xff6f0?"="-3 \x30b4\x30b7\x30c3\x30af"
"\xff740\xff770\xff830\xff6f0"="-3 \x30b4\x30b7\x30c3\x30af"
"z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="-3 \x30b4\x30b7\x30c3\x30af"
"x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
"\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
"\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\SYSTEM32\HAL.DLL\system32\vufosesa.dll c:\system32\hal.dll\system32\neyiwafu.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"="C:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe:*:Enabled:HydraIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Damien\\My Documents\\Warcraft III\\Warcraft III.exe"="C:\\Documents and Settings\\Damien\\My Documents\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Damien\\Desktop\\UT\\System\\UT2004.exe"="C:\\Documents and Settings\\Damien\\Desktop\\UT\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"H:\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"="H:\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"H:\\Steam\\SteamApps\\4davii\\day of defeat source\\hl2.exe"="H:\\Steam\\SteamApps\\4davii\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"H:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"="H:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"="C:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Documents and Settings\\Damien\\My Documents\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe"="C:\\Documents and Settings\\Damien\\My Documents\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Documents and Settings\\Damien\\My Documents\\FreeStyle Street BBall\\FreeStyle.exe"="C:\\Documents and Settings\\Damien\\My Documents\\FreeStyle Street BBall\\FreeStyle.exe:*:Disabled:FreeStyle"
"C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"I:\\Games\\Fear\\FEARMP.exe"="I:\\Games\\Fear\\FEARMP.exe:*:Enabled:FEAR Combat"
"I:\\Games\\FearX\\FEARXP2.exe"="I:\\Games\\FearX\\FEARXP2.exe:*:Enabled:FEARXP2"
"I:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\skype.exe"="I:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\skype.exe:*:Enabled:Skype"
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"="C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe:*:Enabled:VideoPot"
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"="C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe:*:Enabled:Daum ?????"
"H:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"="H:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\SYSTEM32\\HAL.DLL\\system32\\logonui.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\SYSTEM32\\HAL.DLL\\system32\\winlogon.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe:*:Enabled:spoolsv"
"C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"="C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\\SYSTEM32\\HAL.DLL\\explorer.exe"="C:\\SYSTEM32\\HAL.DLL\\explorer.exe:*:Enabled:Explorer"
"C:\\SYSTEM32\\HAL.DLL\\system32\\lsass.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
 
Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 30 Dec 2003 0 A..H. --- "C:\WINDOWS\WINDOWS\PAKU.exe.tmp"
Fri 11 Jun 2004 0 A..H. --- "C:\WINDOWS\WINDOWS\szcdul.exe.tmp"
Sun 29 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 4 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.HAL.DLL\DRM\DRMv1.bak"
Fri 6 Mar 2009 2,713 ..SH. --- "C:\SYSTEM32\HAL.DLL\system32\felazako.exe"
Sun 8 Mar 2009 102,400 A.SH. --- "C:\SYSTEM32\HAL.DLL\system32\simonuha.dll"
Fri 11 Jan 2008 28,672 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078140.dll"
Fri 11 Jan 2008 32,768 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078143.dll"
Fri 16 Jan 2009 3,102,267 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078145.exe"
Fri 11 Jan 2008 28,672 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084482.dll"
Fri 11 Jan 2008 32,768 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084485.dll"
Fri 16 Jan 2009 3,102,267 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084487.exe"
Sat 23 Sep 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 1 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users.HAL.DLL\DRM\Cache\Indiv01.tmp"
Fri 12 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL0357.tmp"
Sat 12 Jan 2008 22,016 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL0893.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL1444.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL2587.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL2953.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL3606.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL3950.tmp"
Thu 21 Apr 2005 19,968 ...H. --- "C:\Documents and Settings\Grace\Application Data\Microsoft\Word\~WRL0059.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0003.tmp"
Wed 26 Nov 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0005.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0008.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0014.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0022.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0038.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0041.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0049.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0051.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0061.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0063.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0071.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0072.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0085.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0106.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0110.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0129.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0137.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0139.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0145.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0153.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0156.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0163.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0165.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0185.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0217.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0225.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0253.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0258.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0263.tmp"
Wed 3 Dec 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0295.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0299.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0305.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0306.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0313.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0320.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0328.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0329.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0332.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0347.tmp"
Wed 3 Dec 2008 26,112 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0372.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0382.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0389.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0390.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0413.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0417.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0428.tmp"
Wed 3 Dec 2008 26,624 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0432.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0434.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0440.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0444.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0455.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0462.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0464.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0480.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0487.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0491.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0506.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0524.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0525.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0556.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0582.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0585.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0587.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0593.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0635.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0653.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0656.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0658.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0663.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0668.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0671.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0687.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0691.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0706.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0732.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0736.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0747.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0750.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0757.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0768.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0783.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0795.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0800.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0816.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0818.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0827.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0837.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0841.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0846.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0854.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0855.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0858.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0859.tmp"
Wed 3 Dec 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0862.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0863.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0864.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0865.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0873.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0876.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0887.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0896.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0920.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0922.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0930.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0940.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0943.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0948.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0949.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0951.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0961.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1001.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1012.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1014.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1015.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1018.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1025.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1033.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1037.tmp"
Wed 3 Dec 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1046.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1048.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1064.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1078.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1093.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1094.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1102.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1103.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1120.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1130.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1132.tmp"
Wed 3 Dec 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1149.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1189.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1223.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1246.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1255.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1258.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1265.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1268.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1288.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1298.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1308.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1309.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1317.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1318.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1365.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1367.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1377.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1383.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1386.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1420.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1425.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1429.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1430.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1445.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1448.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1462.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1464.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1466.tmp"
Wed 3 Dec 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1469.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1479.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1492.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1517.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1523.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1524.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1530.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1534.tmp"
Wed 3 Dec 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1550.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1575.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1590.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1596.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1597.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1604.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1612.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1622.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1632.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1656.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1666.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1687.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1710.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1715.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1725.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1726.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1731.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1738.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1743.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1751.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1759.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1760.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1761.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1767.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1780.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1785.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1790.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1792.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1801.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1808.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1836.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1842.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1844.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1858.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1865.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1866.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1908.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1916.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1923.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1926.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1937.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1945.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1948.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1950.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1951.tmp"
Wed 3 Dec 2008 26,112 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1953.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1954.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1994.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1997.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2013.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2014.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2016.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2017.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2018.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2019.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2027.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2030.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2031.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2034.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2047.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2048.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2061.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2063.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2072.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2075.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2101.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2107.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2116.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2125.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2128.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2132.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2155.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2157.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2158.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2165.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2196.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2228.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2236.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2240.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2243.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2257.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2273.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2279.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2291.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2299.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2313.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2318.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2323.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2327.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2340.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2341.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2345.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2356.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2375.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2381.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2403.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2415.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2424.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2432.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2435.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2440.tmp"
Wed 29 Oct 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2450.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2454.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2461.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2484.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2487.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2491.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2492.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2497.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2498.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2512.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2513.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2529.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2554.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2558.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2565.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2580.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2599.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2601.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2608.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2618.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2619.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2620.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2630.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2644.tmp"
Wed 3 Dec 2008 29,696 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2662.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2671.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2683.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2688.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2704.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2711.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2719.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2727.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2729.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2731.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2733.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2750.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2758.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2772.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2795.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2799.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2804.tmp"
Wed 3 Dec 2008 29,696 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2815.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2817.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2818.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2849.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2871.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2883.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2886.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2889.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2930.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2949.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2950.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2964.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2971.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2974.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2987.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2988.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2993.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL2998.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3005.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3017.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3020.tmp"
Wed 3 Dec 2008 26,624 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3036.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3056.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3058.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3065.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3074.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3078.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3085.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3087.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3099.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3102.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3104.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3107.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3108.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3111.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3117.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3118.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3128.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3155.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3156.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3168.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3176.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3179.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3185.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3209.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3211.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3212.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3221.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3236.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3238.tmp"
Wed 3 Dec 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3244.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3254.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3255.tmp"
Wed 3 Dec 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3269.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3280.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3287.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3294.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3297.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3304.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3308.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3315.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3325.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3326.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3335.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3342.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3343.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3348.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3351.tmp"
Wed 3 Dec 2008 26,624 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3356.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3391.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3399.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3402.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3413.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3430.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3454.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3458.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3482.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3493.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3494.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3496.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3517.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3518.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3519.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3521.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3540.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3544.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3551.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3555.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3558.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3575.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3600.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3602.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3615.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3628.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3636.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3664.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3665.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3675.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3681.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3693.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3696.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3699.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3706.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3708.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3716.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3724.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3745.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3763.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3764.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3769.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3783.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3791.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3792.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3795.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3796.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3799.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3800.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3804.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3810.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3826.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3828.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3830.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3831.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3842.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3843.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3863.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3866.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3879.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3889.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3901.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3911.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3915.tmp"
Wed 3 Dec 2008 26,624 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3924.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3926.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3950.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3962.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3965.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3988.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL3998.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4006.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4009.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4017.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4041.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4044.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4056.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4061.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4066.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4084.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4085.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4097.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4098.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4099.tmp"
Tue 2 Sep 2003 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!
 
ComboFix 09-03-19.02 - Damien 2009-03-21 1:48:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.2303.1830 [GMT -4:00]
Running from: c:\documents and settings\Damien\Desktop\ComboFix.exe
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Damien\Local Settings\Tempals_inst.exe
c:\documents and settings\Grace\Local Settings\Temporary Internet Files\Tvm.log
c:\system32\HAL.DLL\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\system32\HAL.DLL\IE4 Error Log.txt
c:\system32\HAL.DLL\system32\abbawh.dll
c:\system32\HAL.DLL\system32\bbzohc.dll
c:\system32\HAL.DLL\system32\dujosiye.dll
c:\system32\HAL.DLL\system32\fatuzabe.dll
c:\system32\HAL.DLL\system32\gosofuwu.dll
c:\system32\HAL.DLL\system32\hszvum.dll
c:\system32\HAL.DLL\system32\kfgbaw.dll
c:\system32\HAL.DLL\system32\kifabibu.dll
c:\system32\HAL.DLL\system32\mutelupo.dll
c:\system32\HAL.DLL\system32\nawowami.dll
c:\system32\HAL.DLL\system32\neyiwafu.dll
c:\system32\HAL.DLL\system32\nukivupu.dll
c:\system32\HAL.DLL\system32\pokihuyi.dll
c:\system32\HAL.DLL\system32\qfefyx.dll
c:\system32\HAL.DLL\system32\tumazuba.dll
c:\system32\HAL.DLL\system32\uuubop.dll
c:\system32\HAL.DLL\system32\vimunama.dll
c:\system32\HAL.DLL\system32\vufosesa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-20 20:19 . 2009-03-20 20:19 578,560 --a--c--- c:\system32\HAL.DLL\system32\dllcache\user32.dll
2009-03-20 20:08 . 2009-03-20 23:01 <DIR> d-------- C:\SDFix
2009-03-14 18:36 . 2009-03-14 18:35 410,984 --a------ c:\system32\HAL.DLL\system32\deploytk.dll
2009-03-14 18:36 . 2009-03-14 18:35 73,728 --a------ c:\system32\HAL.DLL\system32\javacpl.cpl
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> dr------- c:\system32\HAL.DLL\Web
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\twain_32
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\XPSViewer
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\Resource
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\MsDtc
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\DRVSTORE
2009-03-13 02:30 . 2009-03-13 02:30 <DIR> d-------- c:\system32\HAL.DLL\Tasks(2)
2009-03-13 02:29 . 2009-03-13 13:33 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft(2)
2009-03-13 02:25 . 2009-03-13 02:25 <DIR> d-------- C:\_OTScanIt
2009-03-10 07:35 . 2009-03-10 07:35 <DIR> d-------- c:\system32\HAL.DLL\ERUNT
2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- C:\rsit
2009-03-09 13:41 . 2009-03-12 03:21 1,374 --a------ c:\system32\HAL.DLL\imsins.BAK
2009-03-09 13:33 . 2008-12-11 06:57 333,952 -----c--- c:\system32\HAL.DLL\system32\dllcache\srv.sys
2009-03-09 13:32 . 2008-08-14 06:11 2,189,184 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntoskrnl.exe
2009-03-09 13:32 . 2008-08-14 06:09 2,145,280 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlmp.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,066,048 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlpa.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,023,936 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrpamp.exe
2009-03-09 13:32 . 2008-09-15 08:12 1,846,400 -----c--- c:\system32\HAL.DLL\system32\dllcache\win32k.sys
2009-03-09 13:32 . 2008-09-04 13:15 1,106,944 -----c--- c:\system32\HAL.DLL\system32\dllcache\msxml3.dll
2009-03-09 13:32 . 2008-10-24 07:21 455,296 -----c--- c:\system32\HAL.DLL\system32\dllcache\mrxsmb.sys
2009-03-09 13:32 . 2008-10-15 12:34 337,408 -----c--- c:\system32\HAL.DLL\system32\dllcache\netapi32.dll
2009-03-09 13:31 . 2008-04-11 15:04 691,712 --a--c--- c:\system32\HAL.DLL\system32\dllcache\inetcomm.dll
2009-03-09 13:27 . 2008-10-16 14:07 23,576 --a------ c:\system32\HAL.DLL\system32\wuapi.dll.mui
2009-03-09 01:59 . 2009-03-09 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\abuzamut.ini
2009-03-08 16:09 . 2009-03-08 16:09 <DIR> d-------- C:\VundoFix Backups
2009-03-08 13:58 . 2009-03-08 13:58 0 --a------ C:\-401084628
2009-03-08 01:59 . 2009-03-08 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\ayufusel.ini
2009-03-07 18:42 . 2009-03-07 18:42 <DIR> d-------- c:\program files\ERUNT
2009-03-07 18:16 . 2009-03-17 23:19 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-06 13:57 . 2009-03-06 13:57 2,713 ---hs---- c:\system32\HAL.DLL\system32\felazako.exe
2009-03-05 13:53 . 2009-03-09 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\Damien\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-02-11 10:19 38,496 --a------ c:\system32\HAL.DLL\system32\drivers\mbamswissarmy.sys
2009-03-05 13:53 . 2009-02-11 10:19 15,504 --a------ c:\system32\HAL.DLL\system32\drivers\mbam.sys
2009-03-05 00:18 . 2009-03-17 23:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 00:18 . 2009-03-07 03:18 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 05:52 --------- d-----w c:\program files\SPAMfighter
2009-03-21 05:52 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-03-21 05:52 --------- d-----w c:\documents and settings\Damien\Application Data\WTablet
2009-03-19 02:39 --------- d---a-w c:\documents and settings\All Users.HAL.DLL\Application Data\TEMP
2009-03-14 22:34 --------- d-----w c:\program files\Java
2009-03-08 02:13 --------- d-----w c:\documents and settings\Damien\Application Data\dvdcss
2009-02-21 06:12 --------- d-----w c:\program files\Bonjour
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live
2009-02-01 10:02 --------- d-----w c:\program files\Microsoft
2009-02-01 09:59 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-30 23:05 --------- d-----w c:\program files\MSECACHE
2009-01-30 22:50 --------- d-----w c:\program files\Common Files\Application
2007-12-31 03:06 22,328 -c--a-w c:\documents and settings\Damien\Application Data\PnkBstrK.sys
2007-08-24 04:45 9,228,440 -c--a-w c:\program files\sygate562808.exe
2005-04-07 19:54 85 -c--a-w c:\documents and settings\Damien\delsmltr.bat
2005-04-05 22:14 2,513,056 -c--a-w c:\program files\spywareblastersetup33.exe
2005-04-05 21:44 2,636,408 -c--a-w c:\program files\aawsepersonal.exe
2005-03-21 13:42 85 -c--a-w c:\documents and settings\Little Bear\delsmltr.bat
2008-12-19 01:15 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:15 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:15 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:15 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:15 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-21 20:28 32,768 -csha-w c:\system32\HAL.DLL\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\system32\HAL.DLL\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\system32\HAL.DLL\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"WinampAgent"="c:\progra~1\winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-28 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

c:\documents and settings\Damien\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users.HAL.DLL\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-07-16 114688]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-07-15 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\system32\HAL.DLL\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"=
"h:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]
R2 TabletServicePen;TabletServicePen;c:\system32\HAL.DLL\system32\Pen_Tablet.exe [2007-12-19 1373480]
S3 NPF;NetGroup Packet Filter Driver;c:\system32\HAL.DLL\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkycryp;npkycryp;\??\i:\games\RO\npkycryp.sys --> i:\games\RO\npkycryp.sys [?]
S3 serb1;serb1;\??\c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys --> c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys [?]
S3 XDva020;XDva020;\??\c:\system32\HAL.DLL\system32\XDva020.sys --> c:\system32\HAL.DLL\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\system32\HAL.DLL\system32\XDva090.sys --> c:\system32\HAL.DLL\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\c:\system32\HAL.DLL\system32\XDva190.sys --> c:\system32\HAL.DLL\system32\XDva190.sys [?]
S3 XDva234;XDva234;\??\c:\system32\HAL.DLL\system32\XDva234.sys --> c:\system32\HAL.DLL\system32\XDva234.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - c:\program files\TAXWIZ 2005\TW2005\ic2005pp.dll
DPF: DirectAnimation Java Classes - file://c:\system32\HAL.DLL\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\system32\HAL.DLL\Java\classes\xmldso.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://ge.clubhanbit.jp/launcher/GELauncher.cab
DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\tfover0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ocad.ca/home.htm
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 01:53:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\OLE\J0c0q0D0n0虐€4*8*]
"Order"=hex:08,00,00,00,02,00,00,00,96,01,00,00,01,00,00,00,03,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="A6AD13F8A5DCC26F98683400B69FE63ED6F8405D8A1698CDBAB673F6A1A74C97AC61B4C19DF3310C856D8D60654BA1120735AB0FE807BF62D56E7E5FE2A2072310F1D645363105E4F2D3A1F3591D11E0064EAE8953B59D9164F7830DBE9217168CD0C5BA6B4651634211AF9B8757874F01DB16FB5498E560FDB3829D7A4631EFC041534B5DF36C26BCEE79B105531B3986CE388B9EBE91039BD480A3011ECE65AE5E57184C136FFD0C0CC6808FFD29AD8DE86BD285495BE8996207A36012AC5F3C1328B4228E3970C1D9E0C8865550EC6C408A5D836DC4AE3B39A11AC82CCC7A3421A62566656B37CE1D973FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452A2D97226D213B5554F6EBEBADED40E0E6034C7CF6A55B3870D469CB474D1000C3561F023DE95E06724964286395FB42CA302C2B5ACBBBD4CAEC5DDF26932AA88245F44C22CB52B299844870FCCF1190FA9D3CC1DE4622A8E6F9807D17D3EBC99F1D94B44D9A9AABEB5782B263E462EF655209FF4DD855D3B2DCC13FD45562DFA1514E234621986512B4A07D612686F14ADF3BBE347374431E680C0D9B8B3F75725E02BD0A9FEEAF7C9E43F5DB43BDA905DEC6143B45F4DC4406914FCB5DF1B51DFAA870E732D8BC208853728F2F07105333F96201DB3E9BE814ED232F9BA9CFC27EE211469C49932FE7F975E7E15B702A2B1263D5C459059168D0AF6ABF483E27DBEE2BD1ABF50BD6D374F56EF81398943209D0FB2F3BC478E9586FDD218DA028CBFFC1A75E86B4EB4A80F9EC0E703134DF850404177ED2A1E6C5DAEDCFCB2C9A1A9656D525F2A42DAE2CAF64F4E260AA1BF542C12D7259B1D29E5A218D21E202F4BD2AF6819536B89843DD2DD8CB84D448C02668D736AA607F639A83B9CB55C4785418B565B2F900FC7E15B92CF532F590AF9B4067BC6CB7C98B7C35D31154DA44E71611DC389EADD757BED78981677AD771C0EAC77CAFEC1E0052A7ABADA33242EE7C3A241B3A88AEA0F1A7D3B216130A88FA29ABF88A8BC3908C5F3382C444541EB7A309781EC4F1B64A5F460199AF104BE52CA0295A3FB9CEA360EFCAE28AEBA0A01F15F4CCB8B0D09079307A9482C05D7341CC08CC1AC9B9E4DF03010FB285F12877A0370D040DA4F6CF4FC7F7FB83BCC90D1D10F4525D95591294BFDD11F8819F0BFC24F799132CB371868CBCB964A536593DE3B675C12853DA69E2EADA423F5D419334D384CD4D6785DC2442C686966636D64BBD3EC0E6ABF3ECAD688EC31C57FC6BB52F1DC1A8EFB8DD7A415F4624371CDB539AA19AE843BA848344FD046696FE697CA82D3EB543E51C8276BA795EC2888F7E1FE4369960781610664CD0D035802D62936E9C84CEC"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\system32\HAL.DLL\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system32\HAL.DLL\system32\ati2evxx.exe
c:\system32\HAL.DLL\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\system32\HAL.DLL\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\system32\HAL.DLL\system32\PnkBstrA.exe
c:\system32\HAL.DLL\system32\MsPMSPSv.exe
c:\system32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
c:\system32\HAL.DLL\system32\conime.exe
c:\system32\HAL.DLL\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\system32\HAL.DLL\system32\msiexec.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-03-21 2:02:13 - machine was rebooted [Damien]
ComboFix-quarantined-files.txt 2009-03-21 06:02:10

Pre-Run: 38,001,938,432 bytes free
Post-Run: 38,004,625,408 bytes free

275 --- E O F --- 2007-11-30 04:41:51


~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:34 AM, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12245 bytes
 
Hi 4daVii

1 - Run CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\system32\HAL.DLL\system32\abuzamut.ini
C:\-401084628
c:\system32\HAL.DLL\system32\ayufusel.ini
c:\system32\HAL.DLL\system32\felazako.exe
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll
Click to expand...

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Perform full scan, then click on Scan.
  • Leave the default options as it is and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Checked (ticked) all items except items in the System Volume Information folder and click on Remove Selected.

    mbam1.png

  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
 
Sorry, about the confusion, I didn't read the entire step when you posted Run CFScript, I thought it was a program at first. :red:

ComboFix 09-03-22.01 - Damien 2009-03-23 12:06:14.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.2303.1830 [GMT -4:00]
Running from: c:\documents and settings\Damien\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Damien\Desktop\CFScript.txt
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-20 20:19 . 2009-03-20 20:19 578,560 --a--c--- c:\system32\HAL.DLL\system32\dllcache\user32.dll
2009-03-20 20:08 . 2009-03-20 23:01 <DIR> d-------- C:\SDFix
2009-03-14 18:36 . 2009-03-14 18:35 410,984 --a------ c:\system32\HAL.DLL\system32\deploytk.dll
2009-03-14 18:36 . 2009-03-14 18:35 73,728 --a------ c:\system32\HAL.DLL\system32\javacpl.cpl
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> dr------- c:\system32\HAL.DLL\Web
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\twain_32
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\XPSViewer
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\Resource
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\MsDtc
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\DRVSTORE
2009-03-13 02:30 . 2009-03-13 02:30 <DIR> d-------- c:\system32\HAL.DLL\Tasks(2)
2009-03-13 02:29 . 2009-03-13 13:33 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft(2)
2009-03-13 02:25 . 2009-03-13 02:25 <DIR> d-------- C:\_OTScanIt
2009-03-11 07:49 . 2009-01-09 15:19 1,089,593 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntprint.cat
2009-03-10 07:35 . 2009-03-10 07:35 <DIR> d-------- c:\system32\HAL.DLL\ERUNT
2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- C:\rsit
2009-03-09 13:41 . 2009-03-21 17:04 1,374 --a------ c:\system32\HAL.DLL\imsins.BAK
2009-03-09 13:33 . 2008-12-11 06:57 333,952 -----c--- c:\system32\HAL.DLL\system32\dllcache\srv.sys
2009-03-09 13:32 . 2008-08-14 06:11 2,189,184 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntoskrnl.exe
2009-03-09 13:32 . 2008-08-14 06:09 2,145,280 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlmp.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,066,048 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlpa.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,023,936 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrpamp.exe
2009-03-09 13:32 . 2009-02-09 07:13 1,846,784 -----c--- c:\system32\HAL.DLL\system32\dllcache\win32k.sys
2009-03-09 13:32 . 2008-09-04 13:15 1,106,944 -----c--- c:\system32\HAL.DLL\system32\dllcache\msxml3.dll
2009-03-09 13:32 . 2008-10-24 07:21 455,296 -----c--- c:\system32\HAL.DLL\system32\dllcache\mrxsmb.sys
2009-03-09 13:32 . 2008-10-15 12:34 337,408 -----c--- c:\system32\HAL.DLL\system32\dllcache\netapi32.dll
2009-03-09 13:31 . 2008-04-11 15:04 691,712 --a--c--- c:\system32\HAL.DLL\system32\dllcache\inetcomm.dll
2009-03-09 13:27 . 2008-10-16 14:07 23,576 --a------ c:\system32\HAL.DLL\system32\wuapi.dll.mui
2009-03-09 01:59 . 2009-03-09 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\abuzamut.ini
2009-03-08 16:09 . 2009-03-08 16:09 <DIR> d-------- C:\VundoFix Backups
2009-03-08 13:58 . 2009-03-08 13:58 0 --a------ C:\-401084628
2009-03-08 01:59 . 2009-03-08 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\ayufusel.ini
2009-03-07 18:42 . 2009-03-07 18:42 <DIR> d-------- c:\program files\ERUNT
2009-03-07 18:16 . 2009-03-17 23:19 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-06 13:57 . 2009-03-06 13:57 2,713 ---hs---- c:\system32\HAL.DLL\system32\felazako.exe
2009-03-05 13:53 . 2009-03-09 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\Damien\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-02-11 10:19 38,496 --a------ c:\system32\HAL.DLL\system32\drivers\mbamswissarmy.sys
2009-03-05 13:53 . 2009-02-11 10:19 15,504 --a------ c:\system32\HAL.DLL\system32\drivers\mbam.sys
2009-03-05 00:18 . 2009-03-17 23:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 00:18 . 2009-03-07 03:18 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 12:44 --------- d-----w c:\program files\SPAMfighter
2009-03-21 21:12 --------- d---a-w c:\documents and settings\All Users.HAL.DLL\Application Data\TEMP
2009-03-21 21:09 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-03-21 21:09 --------- d-----w c:\documents and settings\Damien\Application Data\WTablet
2009-03-21 07:30 --------- d-----w c:\documents and settings\Damien\Application Data\dvdcss
2009-03-21 06:14 --------- d-----w c:\program files\Winamp
2009-03-21 06:12 --------- d-----w c:\documents and settings\Damien\Application Data\Winamp
2009-03-14 22:34 --------- d-----w c:\program files\Java
2009-03-08 17:58 14,336 ----a-w c:\system32\HAL.DLL\system32\svchost.exe
2009-03-08 17:58 102,400 --sha-w c:\system32\HAL.DLL\system32\simonuha.dll
2009-02-21 06:12 --------- d-----w c:\program files\Bonjour
2009-02-11 02:43 98,304 -c--a-w c:\system32\HAL.DLL\system32\CmdLineExt.dll
2009-02-09 11:13 1,846,784 ----a-w c:\system32\HAL.DLL\system32\win32k.sys
2009-02-06 23:52 49,504 ----a-w c:\system32\HAL.DLL\system32\sirenacm.dll
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live
2009-02-01 10:02 --------- d-----w c:\program files\Microsoft
2009-02-01 09:59 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-30 23:05 --------- d-----w c:\program files\MSECACHE
2009-01-30 22:50 --------- d-----w c:\program files\Common Files\Application
2007-12-31 03:06 22,328 -c--a-w c:\documents and settings\Damien\Application Data\PnkBstrK.sys
2007-08-24 04:45 9,228,440 -c--a-w c:\program files\sygate562808.exe
2005-04-07 19:54 85 -c--a-w c:\documents and settings\Damien\delsmltr.bat
2005-04-05 22:14 2,513,056 -c--a-w c:\program files\spywareblastersetup33.exe
2005-04-05 21:44 2,636,408 -c--a-w c:\program files\aawsepersonal.exe
2005-03-21 13:42 85 -c--a-w c:\documents and settings\Little Bear\delsmltr.bat
2008-12-19 01:15 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:15 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:15 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:15 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:15 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-21 20:28 32,768 -csha-w c:\system32\HAL.DLL\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 2.00.39.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:38:25 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\spuninst\updspapi.dll
+ 2008-09-15 12:12:56 1,846,400 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\win32k.sys
+ 2007-07-27 13:41:48 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe
+ 2007-07-27 13:41:48 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\spuninst\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\wmp.dll
+ 2008-04-14 00:12:05 144,384 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\schannel.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2008-12-05 06:54:55 144,896 -c----w c:\system32\HAL.DLL\system32\dllcache\schannel.dll
- 2009-03-19 02:33:22 1,641,208 ----a-w c:\system32\HAL.DLL\system32\FNTCACHE.DAT
+ 2009-03-21 21:09:27 1,641,208 ----a-w c:\system32\HAL.DLL\system32\FNTCACHE.DAT
- 2009-02-12 00:56:18 21,244,872 ----a-w c:\system32\HAL.DLL\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\system32\HAL.DLL\system32\MRT.exe
- 2007-07-30 23:19:04 207,736 ----a-w c:\system32\HAL.DLL\system32\muweb.dll
+ 2008-10-16 18:07:48 208,744 ----a-w c:\system32\HAL.DLL\system32\muweb.dll
- 2008-04-14 00:12:05 144,384 ----a-w c:\system32\HAL.DLL\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\system32\HAL.DLL\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ----a-w c:\system32\HAL.DLL\system32\spmsg.dll
+ 2007-07-27 13:41:40 16,760 ------w c:\system32\HAL.DLL\system32\spmsg.dll
- 2007-11-30 11:18:51 26,488 ----a-w c:\system32\HAL.DLL\system32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\system32\HAL.DLL\system32\spupdsvc.exe
- 2007-06-12 03:51:12 10,834,944 ------w c:\system32\HAL.DLL\system32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ------w c:\system32\HAL.DLL\system32\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\system32\HAL.DLL\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\system32\HAL.DLL\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-28 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

c:\documents and settings\Damien\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users.HAL.DLL\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-07-16 114688]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-07-15 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\system32\HAL.DLL\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"=
"h:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]
R3 XDva190;XDva190;\??\c:\system32\HAL.DLL\system32\XDva190.sys --> c:\system32\HAL.DLL\system32\XDva190.sys [?]
S2 TabletServicePen;TabletServicePen;c:\system32\HAL.DLL\system32\Pen_Tablet.exe [2007-12-19 1373480]
S3 NPF;NetGroup Packet Filter Driver;c:\system32\HAL.DLL\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkycryp;npkycryp;\??\i:\games\RO\npkycryp.sys --> i:\games\RO\npkycryp.sys [?]
S3 serb1;serb1;\??\c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys --> c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys [?]
S3 XDva020;XDva020;\??\c:\system32\HAL.DLL\system32\XDva020.sys --> c:\system32\HAL.DLL\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\system32\HAL.DLL\system32\XDva090.sys --> c:\system32\HAL.DLL\system32\XDva090.sys [?]
S3 XDva234;XDva234;\??\c:\system32\HAL.DLL\system32\XDva234.sys --> c:\system32\HAL.DLL\system32\XDva234.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - c:\program files\TAXWIZ 2005\TW2005\ic2005pp.dll
DPF: DirectAnimation Java Classes - file://c:\system32\HAL.DLL\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\system32\HAL.DLL\Java\classes\xmldso.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://ge.clubhanbit.jp/launcher/GELauncher.cab
DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\tfover0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ocad.ca/home.htm
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 12:13:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\OLE\J0c0q0D0n0虐€4*8*]
"Order"=hex:08,00,00,00,02,00,00,00,96,01,00,00,01,00,00,00,03,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="A6AD13F8A5DCC26F98683400B69FE63ED6F8405D8A1698CDBAB673F6A1A74C97AC61B4C19DF3310C856D8D60654BA1120735AB0FE807BF62D56E7E5FE2A2072310F1D645363105E4F2D3A1F3591D11E0064EAE8953B59D9164F7830DBE9217168CD0C5BA6B4651634211AF9B8757874F01DB16FB5498E560FDB3829D7A4631EFC041534B5DF36C26BCEE79B105531B3986CE388B9EBE91039BD480A3011ECE65AE5E57184C136FFD0C0CC6808FFD29AD8DE86BD285495BE8996207A36012AC5F3C1328B4228E3970C1D9E0C8865550EC6C408A5D836DC4AE3B39A11AC82CCC7A3421A62566656B37CE1D973FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452A2D97226D213B5554F6EBEBADED40E0E6034C7CF6A55B3870D469CB474D1000C3561F023DE95E06724964286395FB42CA302C2B5ACBBBD4CAEC5DDF26932AA88245F44C22CB52B299844870FCCF1190FA9D3CC1DE4622A8E6F9807D17D3EBC99F1D94B44D9A9AABEB5782B263E462EF655209FF4DD855D3B2DCC13FD45562DFA1514E234621986512B4A07D612686F14ADF3BBE347374431E680C0D9B8B3F75725E02BD0A9FEEAF7C9E43F5DB43BDA905DEC6143B45F4DC4406914FCB5DF1B51DFAA870E732D8BC208853728F2F07105333F96201DB3E9BE814ED232F9BA9CFC27EE211469C49932FE7F975E7E15B702A2B1263D5C459059168D0AF6ABF483E27DBEE2BD1ABF50BD6D374F56EF81398943209D0FB2F3BC478E9586FDD218DA028CBFFC1A75E86B4EB4A80F9EC0E703134DF850404177ED2A1E6C5DAEDCFCB2C9A1A9656D525F2A42DAE2CAF64F4E260AA1BF542C12D7259B1D29E5A218D21E202F4BD2AF6819536B89843DD2DD8CB84D448C02668D736AA607F639A83B9CB55C4785418B565B2F900FC7E15B92CF532F590AF9B4067BC6CB7C98B7C35D31154DA44E71611DC389EADD757BED78981677AD771C0EAC77CAFEC1E0052A7ABADA33242EE7C3A241B3A88AEA0F1A7D3B216130A88FA29ABF88A8BC3908C5F3382C444541EB7A309781EC4F1B64A5F460199AF104BE52CA0295A3FB9CEA360EFCAE28AEBA0A01F15F4CCB8B0D09079307A9482C05D7341CC08CC1AC9B9E4DF03010FB285F12877A0370D040DA4F6CF4FC7F7FB83BCC90D1D10F4525D95591294BFDD11F8819F0BFC24F799132CB371868CBCB964A536593DE3B675C12853DA69E2EADA423F5D419334D384CD4D6785DC2442C686966636D64BBD3EC0E6ABF3ECAD688EC31C57FC6BB52F1DC1A8EFB8DD7A415F4624371CDB539AA19AE843BA848344FD046696FE697CA82D3EB543E51C8276BA795EC2888F7E1FE4369960781610664CD0D035802D62936E9C84CEC"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\system32\HAL.DLL\system32\Ati2evxx.dll
.
Completion time: 2009-03-23 12:17:41
ComboFix-quarantined-files.txt 2009-03-23 16:16:59
ComboFix2.txt 2009-03-21 06:02:16

Pre-Run: 44,157,259,776 bytes free
Post-Run: 44,153,257,984 bytes free

272 --- E O F --- 2007-11-30 04:41:51

-----------------------------------------------------

Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 5.1.2600 Service Pack 3

23/03/2009 10:39:07 PM
mbam-log-2009-03-23 (22-39-07).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|X:\|Y:\|Z:\|)
Objects scanned: 298566
Time elapsed: 2 hour(s), 32 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:59 PM, on 23/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\SYSTEM32\HAL.DLL\system32\NOTEPAD.EXE
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237669362437
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 11721 bytes
 
Hi
Sorry, about the confusion, I didn't read the entire step when you posted Run CFScript, I thought it was a program at first.
Click to expand...
seems to be problems with the CFScript, we can use another tool

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code: 
:files
c:\system32\HAL.DLL\system32\abuzamut.ini
C:\-401084628
c:\system32\HAL.DLL\system32\ayufusel.ini
c:\system32\HAL.DLL\system32\felazako.exe
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Please reply with

the OTMoveIt3 log

Thanks peku006
 
========== FILES ==========
c:\system32\HAL.DLL\system32\abuzamut.ini moved successfully.
C:\-401084628 moved successfully.
c:\system32\HAL.DLL\system32\ayufusel.ini moved successfully.
c:\system32\HAL.DLL\system32\felazako.exe moved successfully.
DllUnregisterServer procedure not found in C:\SYSTEM32\HAL.DLL\system32\simonuha.dll
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll NOT unregistered.
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_074038
 
Hi 4daVii

Looking good
We will run one online scan to be sure that there is nothing left.

1 - F-Secure Online Scan

  1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  3. Click on Accept to accept the License Agreement.
  4. Click on Custom Scan.
    • Under Virus Scan Options, select the Scan whole system option.
    • Under Other Scan Options, select these options:
      • Scan all files
      • Scan whole system for rootkits
      • Scan whole system for spyware
      • Scan inside archives
      • Use advanced heuristics
  5. Click Start.
  6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  7. Click on I want decide item by item.
  8. Under Actions, select None for all infections found.
  9. Click Next.
  10. Click on Show Report.
  11. Please copy and paste this report in your next reply.
  12. Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
 
Hi peku006,

I'm having trouble with the F-Secure Online Scanner, I followed the directions and let it run, however around 3-4 hours later, I receive the notice "An error has occured! Please close the scanner and your browser, then try again. (Id: 12)." I have tried twice already with the same error message appearing.

I'm pretty sure my computer has the requirements necessary to run this scan.
Using Pentium IV 2.40GHz, 2.25 GB of RAM, Windows XP Home Edition Version 2002 SP3, Internet Explorer 7.0.5730.11.

Any advice on how to successfully finish the scan?
 
Hi Spawn
Let`s run Kaspersky again........

1 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 27, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 27, 2009 04:59:01
Records in database: 1975196
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 190331
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 16:47:13


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\SYSTEM32\HAL.DLL\system32\vufosesa.dll.vir Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075405.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075411.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP389\A0075577.exe Infected: Trojan.Win32.Inject.pum 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP391\A0075704.dll Infected: Trojan.Win32.Agent2.erm 1
C:\WINDOWS\SYSTEM32\iocea.dll Infected: Trojan-Spy.Win32.Briss.s 1
C:\WINDOWS\SYSTEM32\touuuin.dll Infected: not-a-virus:AdWare.Win32.AdultIt.a 1
H:\MiSc\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.

~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:49 PM, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Local Settings\temp\jkos-Damien\binaries\ScanningProcess.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237669362437
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 11898 bytes
 
Hi 4daVii

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code: 
:files
C:\WINDOWS\SYSTEM32\iocea.dll 
C:\WINDOWS\SYSTEM32\touuuin.dll
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the OTMoveIt3 log
2. a fresh HijackThis log
How's the computer running now?

Thanks peku006
 
You must log in or register to reply here.
Back
Top