Firefox seems to be running faster now.... here are the logs
HijackThis log....
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:25:44 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 5902 bytes
online scan............................
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 08, 2007 8:25:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/08/2007
Kaspersky Anti-Virus database records: 377293
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 84076
Number of viruses found: 5
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 01:16:28
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\history.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\key3.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Desktop\[4]-Submit_2007-08-08_184220.57.zip/start.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Jason\Desktop\[4]-Submit_2007-08-08_184220.57.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\123g11a6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\backups\backup-20070807-181900-293.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\serv-u.v4.1.0.3.professional.edition.repack-magnum.rar/Serv-U.v4.1.0.3.Professional.Edition.Repack-MAGNUM/mgmsur43.zip/MGMsusetup.rar/susetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.4103 skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\serv-u.v4.1.0.3.professional.edition.repack-magnum.rar/Serv-U.v4.1.0.3.Professional.Edition.Repack-MAGNUM/mgmsur43.zip/MGMsusetup.rar/susetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.4103 skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\serv-u.v4.1.0.3.professional.edition.repack-magnum.rar/Serv-U.v4.1.0.3.Professional.Edition.Repack-MAGNUM/mgmsur43.zip/MGMsusetup.rar Infected: not-a-virus:Server-FTP.Win32.Serv-U.4103 skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\serv-u.v4.1.0.3.professional.edition.repack-magnum.rar/Serv-U.v4.1.0.3.Professional.Edition.Repack-MAGNUM/mgmsur43.zip Infected: not-a-virus:Server-FTP.Win32.Serv-U.4103 skipped
C:\Documents and Settings\Jason\My Documents\FILES\!ftp\appz\!save\serv-u.v4.1.0.3.professional.edition.repack-magnum.rar RAR: infected - 4 skipped
C:\Documents and Settings\Jason\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\akjnegmv.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awidlnpm.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mnnpxlla.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushnqjyw.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vbkhxidy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\catchme2007-08-08_180403.73.zip/urqnnli.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\catchme2007-08-08_180403.73.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001054.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001055.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001056.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001060.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001061.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP8\A0001073.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP9\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1B0586AC-5599-426A-9FB2-EF270A042BFA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
ComboFix scan.....
ComboFix 07-08-09 - "Jason" 2007-08-08 18:42:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2910 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\456817750.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\617478198.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-916845981.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1224228534.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1300140075.mtz
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1054858782.gif
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-192973655.mts
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1586664009.swf
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\805312437.gif
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\Jason\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Documents and Settings\Jason\Start Menu\Programs\Startup\start.exe
C:\WINDOWS\system32\ahrfmuru.dll
C:\WINDOWS\system32\sikdivwr.dll
((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))
2007-08-08 17:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 18:44 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-07 18:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-07 18:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-07 18:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-06 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-05 21:06 <DIR> d-------- C:\Program Files\Ace Utilities
2007-08-05 15:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-05 03:18 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-05 03:18 <DIR> d-------- C:\Program Files\FriendBlasterPro
2007-07-29 12:03 <DIR> d-------- C:\Program Files\mIRC
2007-07-29 11:59 <DIR> d-------- C:\Program Files\mresreg
2007-07-29 11:59 <DIR> d-------- C:\Program Files\MailFinder
2007-07-29 11:38 <DIR> d-------- C:\Program Files\Jvw Filter email
2007-07-25 23:13 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-25 23:13 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-25 23:13 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-25 23:13 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-25 23:13 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-25 23:13 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-25 23:13 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-25 23:13 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-25 23:13 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-07-25 22:12 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-07-25 22:12 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-07-25 22:12 <DIR> d-------- C:\Program Files\Apex
2007-07-25 22:03 <DIR> d-------- C:\Program Files\Any Video Converter
2007-07-17 22:09 <DIR> d-------- C:\Program Files\BuddyList Ops
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 18:33 --------- d-------- C:\Program Files\FlashFXP
2007-08-07 18:32 --------- d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-08-05 20:34 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Azureus
2007-08-04 17:25 --------- d-------- C:\Program Files\iTunes
2007-07-19 07:20 --------- d-------- C:\Program Files\Soulseek
2007-07-15 09:40 --------- d-------- C:\Program Files\Azureus
2007-06-17 15:18 --------- d-------- C:\Program Files\AIM6
2007-06-13 23:12 --------- d-------- C:\Program Files\Belarc
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-10 16:30]
"nwiz"="nwiz.exe" [2006-03-10 16:30 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-10 16:30]
"SigmatelSysTrayApp"="sttray.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPortal]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R2 WMP54GSSVC;WMP54GSSVC;"C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe"
R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
R3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 c34nb4c5;c34nb4c5;\??\C:\DOCUME~1\Jason\LOCALS~1\Temp\96QmL
S3 ENUM1394;%1394\031887&040892.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\enum1394.sys
S3 HidIr;Microsoft Infrared HID Driver;C:\WINDOWS\system32\DRIVERS\hidir.sys
S3 IrBus;Infrared bus filter driver for eHome remote controls;C:\WINDOWS\system32\DRIVERS\IrBus.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys
Contents of the 'Scheduled Tasks' folder
2007-08-06 17:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 18:44:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-08 18:46:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:46
C:\ComboFix2.txt ... 2007-08-08 18:05
--- E O F ---