Jump to content

robunicu

Members
  • Content Count

    57
  • Joined

  • Last visited

About robunicu

  • Rank
    Member
  1. hey man, the computer ran fine for about an hour but now its back to using 100% of its resources. Anything i can do?
  2. new HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:37:58 PM, on 11/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\svchost..exe C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\svchost..exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Beast\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7164 bytes thank you very much Jintan, u have not idea how much help you being rite now.
  3. combofix report ComboFix 07-11-19.3 - Beast 2007-11-23 18:33:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.527 [GMT -8:00] Running from: C:\Documents and Settings\Beast\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))) . 2007-11-23 14:14 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-10 09:35 <DIR> d-------- C:\Documents and Settings\Beast\Application Data\acccore 2007-11-10 09:33 <DIR> d-------- C:\Program Files\Viewpoint 2007-11-10 09:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint 2007-11-10 09:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP 2007-11-10 09:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL 2007-11-10 09:30 <DIR> d-------- C:\Program Files\Common Files\AOL 2007-11-10 09:29 <DIR> d-------- C:\Program Files\AIM6 2007-11-10 09:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic 2007-11-07 10:08 <DIR> d---s---- C:\Documents and Settings\Guest\UserData 2007-10-27 20:59 <DIR> d-------- C:\Program Files\Avira 2007-10-27 20:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2007-10-27 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2007-10-25 21:48 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-10-25 21:48 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-10-25 21:48 13,668 --a------ C:\WINDOWS\system32\ikhcore.log 2007-10-25 21:46 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-10-25 21:46 <DIR> d-------- C:\Documents and Settings\Beast\Application Data\PC Tools . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-24 02:35 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2007-11-24 02:14 --------- d-----w C:\Program Files\Steam 2007-11-19 11:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2007-11-11 05:06 --------- d-----w C:\Documents and Settings\Beast\Application Data\LimeWire 2007-10-21 22:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Eset 2007-10-21 20:38 790,528 ----a-w C:\WINDOWS\system32\svchost..exe 2007-10-19 08:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-19 08:51 --------- d-----w C:\Program Files\Google 2007-10-17 03:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-16 08:56 --------- d-----w C:\Documents and Settings\Beast\Application Data\Apple Computer 2007-10-16 01:39 --------- d-----w C:\Program Files\LimeWire 2007-10-06 20:43 --------- d-----w C:\Program Files\DivX 2007-10-02 05:44 --------- d-----w C:\Program Files\Atomic Alarm Clock 2007-09-27 22:45 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2007-09-27 22:42 --------- d-----w C:\Program Files\HP 2007-09-27 21:55 --------- d-----w C:\Program Files\Apple Software Update . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-15 06:31] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-12-02 01:00] "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 13:24] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-10-25 21:52] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 22:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 20:05] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00] "explorer.exe"="C:\WINDOWS\system32\svchost..exe" [2007-10-21 12:38] "egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 08:16] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-10-25 21:52] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] C:\Documents and Settings\Beast\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe" S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\DigitalKeys.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-11-24 00:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 18:35:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-23 18:36:45 . --- E O F ---
  4. im sorry i was really frustrated. here goes the report for sdfix: SDFix: Version 1.115 Run by Beast on Fri 11/23/2007 at 05:55 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 18:07:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\01\10-{DE180218-B44A-6359-48E2-A2B2350ACFB2}-v1-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\11\11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 20316 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\11\11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1470 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\11\11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2248 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\13\13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 107148 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\13\13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 7662 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\13\13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 11952 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\14\14-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v14-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1002 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\14\14-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v14-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\15\25-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v15-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2262 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\15\25-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v15-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\16\16-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v16-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1578 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\16\16-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v16-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\17\17-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v17-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2766 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\17\17-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v17-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 320 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\18\18-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v18-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1740 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\18\18-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v18-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 216 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\18\35-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v18-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\19\19-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v19-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1524 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\19\19-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v19-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\20\20-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v20-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2622 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\20\20-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v20-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 312 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\20\20-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v20-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\21\21-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v21-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2730 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\21\21-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v21-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\21\21-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v21-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 624 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\22\22-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v22-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2712 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\22\22-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v22-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 360 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\23\23-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v23-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2154 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\23\23-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v23-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 296 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\24\24-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v24-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2136 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\24\24-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v24-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 312 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\30\30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18228 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\30\30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1362 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\30\30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2184 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\31\31-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v31-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2910 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\31\31-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v31-{4A73B0CE-B1E3-431A-AB84-C1E7A7348B2E}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 320 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\37\37-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v37-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 256 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\39\39-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v39-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\40\40-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v40-{54B35816-72F9-4EB7-BD9F-788FC557EE67}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\45\45-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v45-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5240 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\70\75-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v70-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 216 bytes hidden from API C:\Documents and Settings\Beast\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\76\80-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v76-{953FB43E-C9CA-4263-831C-15CDA6316F8E}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 384 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{84EEADAC-08EA-CEFE-8911-1656DB4DD618}\01\10-{84~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\01\10-{DE~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\15\15-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1236 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\15\15-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\18\35-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\21\21-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 5106 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\21\21-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 624 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\36\36-{95~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\37\37-{95~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 256 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\39\39-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 606 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\39\39-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\40\40-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 606 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\40\40-{54~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\40\40-{95~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API C:\Documents and Settings\Beast\My Documents\Documents and Settings$\Compaq_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DE180218-B44A-6359-48E2-A2B2350ACFB2}\41\41-{95~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4056 bytes hidden from API scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 58 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Steam\\SteamApps\\robunicu\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\robunicu\\counter-strike source\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"="C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe:*:Enabled:WS_FTP Pro Application" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam" "C:\\WINDOWS\\system32\\svchost..exe"="C:\\WINDOWS\\system32\\svchost..exe:*:Enabled:Microst Windows Explorer" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Files with Hidden Attributes: Fri 23 Jun 2006 401,408 A.SH. --- "C:\Old_Disk\temp foto$\SIV37.tmp" Sat 8 Sep 2007 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Sat 26 Aug 2006 671,744 A.SH. --- "C:\Old_Disk\temp foto$\New Folder\SIV12A.tmp" Fri 16 Nov 2007 13,096 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 10,508 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 4,860 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 6,436 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 8,204 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 20,284 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 14,456 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 4,320 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 99,980 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Fri 16 Nov 2007 1,409 ...H. --- "C:\Documents and Settings\Guest\Local Settings\Temp\[email protected]" Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\573b8bee2d25ffedabde94732ae6dbae\BIT3.tmp" Tue 27 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\Beast\My Documents\My Music\License Backup\drmv1key.bak" Wed 10 Jan 2007 20 A..H. --- "C:\Documents and Settings\Beast\My Documents\My Music\License Backup\drmv1lic.bak" Tue 27 Dec 2005 400 A.SH. --- "C:\Documents and Settings\Beast\My Documents\My Music\License Backup\drmv2key.bak" Tue 27 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\Beast\My Documents\Documents and Settings$\All Users\DRM\DRMv1.bak" Sun 29 Jul 2007 0 A.SH. --- "C:\Documents and Settings\Beast\My Documents\Documents and Settings$\All Users\DRM\Cache\Indiv02.tmp" Finished!
  5. Someone please take a look at this HJT log, i really need help. cant to isht with my comp runnin so slow.
  6. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:12:42 PM, on 11/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\svchost..exe C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\svchost..exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Beast\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7080 bytes
  7. Hi im having big problems with my comp. Its running extremtly slow, even when i type the letters are lagging. i had kaspersky but my subscription ran out and i didnt have any antivirus for like a week. so this happens, please help me.
  8. I swear man, you guys are awesome. I want to learn all of this to be able to help people like me too. Thank you Aflac and the rest of the HJT comunity. ill go ahead and do the above stated
  9. and the Rapport.txt SmitFraudFix v2.181 Scan done at 17:56:31.42, Tue 05/15/2007 Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\Tasks\At?.job Deleted C:\WINDOWS\Tasks\At??.job Deleted C:\WINDOWS\system32\kernels32.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9168909-C5F8-4022-9935-6006F7ACA63A}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9168909-C5F8-4022-9935-6006F7ACA63A}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9168909-C5F8-4022-9935-6006F7ACA63A}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
  10. and the HJT log. Logfile of HijackThis v1.99.1 Scan saved at 9:04:25 PM, on 5/16/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\SPYWAR~1\swdoctor.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HJT\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: H - {943CBD6C-F4DE-40e4-AA43-7B964FAE81F1} - C:\WINDOWS\system32\comi.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Webcam Enhance V2.1] C:\WINDOWS\runtfs32.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  11. I was in the process to posting everyitng. its just that combofix took very long. so here it goes. my comp works lots faster now. thx Aflac "Compaq_Owner" - 2007-05-16 20:30:45 Service Pack 2 ComboFix 07-05.17.V - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\764.exe C:\Temp\17O7\tmpTF.log C:\DOCUME~1\COMPAQ~1\Desktop\internet.lnk C:\WINDOWS\system32\win32.exe C:\WINDOWS\system32\perfc000.dat C:\WINDOWS\system32\smpi1 C:\Temp\17O7 C:\Temp\tn3 C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\perfc000.dat ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_CORE -------\core ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 )))))))))))))))))))))))))))))))))) 2007-05-16 18:41 1 --a------ C:\WINDOWS\system32\boa.dat 2007-05-16 18:38 1 --a------ C:\WINDOWS\system32\ps.dat 2007-05-16 18:38 1 --a------ C:\WINDOWS\system32\cookie.dat 2007-05-16 18:37 41,478 --a------ C:\WINDOWS\system32\comi.dll 2007-05-16 08:48 621 --a------ C:\WINDOWS\system32\wincrc32ie.dll 2007-05-16 08:48 40,448 --a------ C:\WINDOWS\system32\htmloeaoe.dll 2007-05-15 18:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-15 18:09 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-15 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-15 18:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-15 17:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-05-15 16:15 337,781 --a------ C:\WINDOWS\system32\zippy2.exe 2007-05-15 16:15 179,200 --a------ C:\WINDOWS\system32\flash.exe 2007-05-15 16:15 177,152 --a------ C:\WINDOWS\system32\click.exe 2007-05-15 16:15 103,522 --a------ C:\WINDOWS\system32\cafes.exe 2007-05-15 16:14 52,736 --a------ C:\WINDOWS\system32\dnsersnd.exe 2007-05-15 16:14 34,816 --a------ C:\WINDOWS\rau001978.exe 2007-05-15 16:14 14,390 --a------ C:\WINDOWS\475x.exe 2007-05-15 16:14 109,307 --a------ C:\WINDOWS\system32\CmarP1083.exe 2007-05-14 18:50 70,720 --a------ C:\WINDOWS\system32\f8RBW13f.exe 2007-05-13 21:00 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-05-13 21:00 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-05-13 21:00 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-05-13 14:37 <DIR> d-------- C:\Program Files\HJT 2007-05-11 08:21 18,432 --a------ C:\WINDOWS\sysrlb32.exe 2007-05-11 08:04 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-05-11 08:03 31,232 --a------ C:\WINDOWS\system32\vxddsk.exe 2007-05-11 08:03 30,720 --a------ C:\WINDOWS\system32\MSIXU.DLL 2007-05-11 08:03 30,208 --a------ C:\WINDOWS\bi.dll 2007-05-11 08:03 29,184 --a------ C:\WINDOWS\bjam.dll 2007-05-11 08:03 27,904 --a------ C:\WINDOWS\flt.dll 2007-05-11 08:03 22,528 --a------ C:\WINDOWS\2020search.dll 2007-05-11 08:03 21,760 --a------ C:\WINDOWS\wml.exe 2007-05-11 08:03 20,736 --a------ C:\WINDOWS\system32\wml.exe 2007-05-11 08:03 20,224 --a------ C:\WINDOWS\vxddsk.exe 2007-05-11 08:03 17,664 --a------ C:\WINDOWS\swin32.dll 2007-05-11 08:03 17,664 --a------ C:\WINDOWS\7search.dll 2007-05-11 08:03 13,824 --a------ C:\WINDOWS\mspphe.dll 2007-05-11 08:03 13,056 --a------ C:\WINDOWS\voiceip.dll 2007-05-11 08:03 12,544 --a------ C:\WINDOWS\pbar.dll 2007-05-11 08:03 12 --a------ C:\WINDOWS\system32\sl.bin 2007-05-11 08:03 10,752 --a------ C:\WINDOWS\cdsm32.dll 2007-05-11 08:02 25,600 --a------ C:\WINDOWS\saiemod.dll 2007-05-11 08:02 16,128 --a------ C:\WINDOWS\180ax.exe 2007-05-11 08:02 12,800 --a------ C:\WINDOWS\system32\wmvds32.dll 2007-05-11 08:02 12 --a------ C:\WINDOWS\system32\gtv_sd.bin 2007-05-11 08:02 10,759 --a------ C:\WINDOWS\341x.exe 2007-05-03 23:40 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ulead Systems 2007-05-03 23:33 49,152 --------- C:\WINDOWS\system32\INETWH32.dll 2007-05-03 23:33 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL 2007-05-03 23:33 <DIR> d-------- C:\Program Files\Ulead Systems 2007-05-03 23:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems 2007-05-03 23:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems 2007-04-21 10:39 <DIR> d-------- C:\TempDVD 2007-04-19 21:50 8,704 --a------ C:\WINDOWS\bmfcr43.dll 2007-04-19 21:50 7,168 --a------ C:\WINDOWS\kbdcan32.exe 2007-04-19 21:50 51,200 --a------ C:\WINDOWS\runtfs32.exe 2007-04-19 21:50 27,136 --a------ C:\WINDOWS\ntmaspi32.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-16 22:38:13 -------- d-----w C:\Program Files\Steam 2007-05-16 22:36:14 -------- d-----w C:\Program Files\Online Services 2007-05-16 22:36:14 -------- d-----w C:\Program Files\Movie Maker 2007-05-16 00:11:20 -------- d-----w C:\Program Files\WildGames 2007-05-15 21:57:38 3,040 ----a-w C:\WINDOWS\system32\tmp.reg 2007-05-04 03:33:42 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-04-30 23:16:28 -------- d-----w C:\Program Files\dvdSanta 2007-03-29 21:28:50 -------- d-----w C:\Program Files\BitComet 2007-03-29 20:40:42 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-03-10 16:54:56 -------- d-----w C:\Program Files\ICQLite (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 04:47] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-05-05 13:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 14:41] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29] {943CBD6C-F4DE-40e4-AA43-7B964FAE81F1}=C:\WINDOWS\system32\comi.dll [2007-05-16 18:37] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [] {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2007-05-13 21:01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 09:11] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-09 06:43] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54] "DXDllRegExe"="dxdllreg.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 06:06] "kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09] "@"="" [] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [] "Steam"="C:\Program Files\Steam\Steam.exe" [2007-01-08 23:31] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00] "Microsoft Webcam Enhance V2.1"="C:\WINDOWS\runtfs32.exe" [2007-04-19 21:50] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-01 09:29] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -trayboot" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 Security Packages kerberos msv1_0 schannel wdigest Notification Packages scecli [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter HTTPFilter LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV NetworkService DnsCache DcomLaunch DcomLaunch TermService rpcss RpcSs imgsvc StiSvc termsvcs TermService Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070515-152711-537 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1045-1083-2752-8385-3966-7569 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\A423E7F8937861FC.job C:\WINDOWS\tasks\WebReg 20051218200620.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-16 20:50:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-16 20:56:00 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-16 20:56 --- E O F ---
  12. ok so this is the SuperAntiSpyware Scan Log SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/16/2007 at 05:40 PM Application Version : 3.7.1018 Core Rules Database Version : 3239 Trace Rules Database Version: 1250 Scan type : Complete Scan Total Scan Time : 02:00:36 Memory items scanned : 495 Memory threats detected : 5 Registry items scanned : 7193 Registry threats detected : 71 File items scanned : 136661 File threats detected : 818 Trojan.Downloader-LiveWin C:\WINDOWS\SYSTEM32\MSDN_LIB.DLL C:\WINDOWS\SYSTEM32\MSDN_LIB.DLL HKLM\Software\Classes\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9} HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9} HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9} HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\Implemented Categories HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\InprocServer32 HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\InprocServer32#ThreadingModel HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\ProgID HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\Programmable HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\TypeLib HKCR\CLSID\{7C2F2C76-1489-450D-B8FB-0B9692D788F9}\VERSION HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C2F2C76-1489-450D-B8FB-0B9692D788F9} Trojan.ZQuest C:\PROGRAM FILES\MOVIE MAKER\QUKA.DLL C:\PROGRAM FILES\MOVIE MAKER\QUKA.DLL C:\PROGRAM FILES\ONLINE SERVICES\MEXOJASI.DLL C:\PROGRAM FILES\ONLINE SERVICES\MEXOJASI.DLL HKLM\Software\Classes\CLSID\{9408CCE2-E282-4878-9F84-3EA1C11E241B} HKCR\CLSID\{9408CCE2-E282-4878-9F84-3EA1C11E241B} HKCR\CLSID\{9408CCE2-E282-4878-9F84-3EA1C11E241B} HKCR\CLSID\{9408CCE2-E282-4878-9F84-3EA1C11E241B}\InProcServer32 HKCR\CLSID\{9408CCE2-E282-4878-9F84-3EA1C11E241B}\InProcServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22176052-02A0-42E0-3A85-78222A03265C} HKCR\CLSID\{22176052-02A0-42E0-3A85-78222A03265C} HKCR\CLSID\{22176052-02A0-42E0-3A85-78222A03265C}\InProcServer32 HKCR\CLSID\{22176052-02A0-42E0-3A85-78222A03265C}\InProcServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9408CCE2-E282-4878-9F84-3EA1C11E241B} C:\WINDOWS\KVTE66.EXE Trojan.Downloader-Gen/OFB C:\PROGRA~1\OFB11\OFB11.DLL C:\PROGRA~1\OFB11\OFB11.DLL HKLM\Software\Classes\CLSID\{3E1500AC-87A5-416b-A211-82E848649DA9} HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9} HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9} HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\InprocServer32 HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\InprocServer32#ThreadingModel HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\ProgID HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\Programmable HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\TypeLib HKCR\CLSID\{3E1500AC-87A5-416B-A211-82E848649DA9}\VersionIndependentProgID HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9} Trojan.IERedirector C:\WINDOWS\SYSTEM32\DNSERSND.DLL C:\WINDOWS\SYSTEM32\DNSERSND.DLL HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}#AppID HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\InprocServer32 HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\InprocServer32#ThreadingModel HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\ProgID HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\Programmable HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\TypeLib HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\VersionIndependentProgID HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} Trojan.Downloader-Gen/RetAd [runner1] C:\WINDOWS\RETADPU1000106.EXE C:\WINDOWS\RETADPU1000106.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ] Adware.180solutions/SurfAssistant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} Trojan.PBar HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b} Trojan.Downloader-Gen/BasicMath HKLM\System\ControlSet001\Services\Net Agent C:\WINDOWS\DLS0523PMW.EXE HKLM\System\ControlSet003\Services\Net Agent HKLM\System\CurrentControlSet\Services\Net Agent Adware.Tracking Cookie C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][3].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][2].txt C:\Documents and Settings\BMB\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected]media[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][4].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected].dtmpower[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected]m[1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\compa[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][2].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Big N\Cookies\big [email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected]ervice[1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][1].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected][2].txt C:\D_Old\Documents and Settings\Nicu\Cookies\[email protected]
  13. http://forums.pcpitstop.com/index.php?show...=141292&hl= Logfile of HijackThis v1.99.1 Scan saved at 2:38:13 PM, on 5/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\twain_32\ca561a\SnapDetect.exe C:\WINDOWS\system32\msorcl32.exe C:\WINDOWS\system32\tmrsrv32.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\sysrlb32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1045-1083-2752-8385-3966-7569 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file) O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file) O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Webcam Enhance V2.1] C:\WINDOWS\runtfs32.exe O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  14. just wondering if its normal? allways very very high.
×
×
  • Create New...