Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page idd##.tmp.exe
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 09-03-2006, 11:39 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


idd##.tmp.exe
okay, got this virus, or multile ones actually. some of them include ishost.exe and ismini.exe which i got removed in safe mode. then there was some called srvnvo[1].exe which i can't find on the net anywhere. then theres bgates.exe win417.exe and a bunch of recurring idd##.tmp.exe. i keep deleting them, and i've deleted all the wierd things in the registry under run, runonce, and policies like the norton site had said. all looks good then suddenly norton tells me that it found new viruses. of course the only button is okay, which doesnt even solve the problem. stupid norton. anyway heres my hijackthis log if someone could PLEASE help me out. thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:32:12 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
D:\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Asus\Probe\AsusProb.exe
C:\WINDOWS\system32\Ma44Pan.Exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Mozilla Firefox\firefox.exe
D:\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
D:\WinRAR\WinRAR.exe
E:\Desktop\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] d:\Asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ma44Pan] Ma44Pan.Exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 09-03-2006, 11:51 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Hello iceblueorbitz and welcome to TSF,

As there are variants of infections that can interfere with the HijackThis tool, I'd like you to rename HijackThis.exe to ice-this.exe.
  • Navigate to C:\hjt\HijackThis.exe
  • Right click on HijackThis.exe
  • Select 'Rename'
  • Type in ice-this.exe
  • Press Enter.

Please run a scan with the newly renamed ice-this.exe and post the log here so we can get started.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2006, 11:56 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


does the file have to be in that folder on the windows drive? cuz i was originally running it off the desktop, which is another partition. also, about every 15 minutes, i get like 4 popups of new viruses from norton. here's the new log. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:54:59 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
D:\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Asus\Probe\AsusProb.exe
C:\WINDOWS\system32\Ma44Pan.Exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Mozilla Firefox\firefox.exe
D:\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\ice-this.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {9C24CCD8-862B-4E55-B6EA-EBE92C1E80CD} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] d:\Asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ma44Pan] Ma44Pan.Exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2006, 12:26 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


The location of HJT is fine and the original location had nothing to do with the difference in the log output--the renaming of the hijackthis.exe did. The variant of the Vundo trojan present on this system targeted hijackthis.exe in order to hide from the scan.

While you will likely notice a marked improvement in your system after this first round--this isn't quite the end of it, so please return with all logs requested.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop. Do not run it yet.

------------

1. Download one of the two files below (they are the same, just download one of them) - **Important--save it to your desktop**

Combofix
or
Combofix



2. Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v gebyx winjyg32

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you. Post that log in your next reply.

-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually, into Normal Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

---------------------------

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Then post the following logs in your next reply...

c:\rapport.txt
combofix log
New ice-this log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2006, 03:10 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


COMBOFIX:
Master - 06-09-03 13:34:06.92
ComboFix 06.08.30BT - Running from: E:\desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\winjyg32.dll
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-08-03 to 2006-09-03 ))))))))))))))))))))))))))))))))))


2006-09-02 20:29 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2006-09-02 20:26 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-09-02 20:26 233,472 C:\WINDOWS\system32REX Shared Library.dll
2006-09-02 20:21 40,973 ---hs---- C:\WINDOWS\system32\rqropmk.dll
2006-09-02 19:33 45,056 -ra------ C:\WINDOWS\system32\Ma44Asio.dll
2006-09-02 19:33 311,296 -ra------ C:\WINDOWS\system32\Ma44Pan.exe
2006-08-31 13:13 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2006-08-31 13:13 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-08-31 13:13 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2006-08-26 13:03 73 --a------ C:\WINDOWS\system32\ssprs.dll
2006-08-26 13:03 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2006-08-26 13:03 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2006-08-26 13:03 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2006-08-26 13:03 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2006-08-25 23:58 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-25 23:52 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-08-25 18:30 86,016 --a------ C:\WINDOWS\system32\CNMCP5c.exe
2006-08-25 18:30 6,656 --a------ C:\WINDOWS\system32\CNMVS5c.DLL
2006-08-25 18:30 105,984 --a------ C:\WINDOWS\system32\CNMLM5c.DLL
2006-08-22 11:18 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-08-22 11:17 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-08-20 17:48 98,304 --a------ C:\WINDOWS\system32\DUNZIP32.DLL
2006-08-20 17:48 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-08-20 17:48 86,016 --a------ C:\WINDOWS\UnMpiWiz.exe
2006-08-20 17:48 86,016 --a------ C:\WINDOWS\system32\GAPI32.DLL
2006-08-20 17:48 684,032 --a------ C:\WINDOWS\system32\ltmm_n.dll
2006-08-20 17:48 640,512 --a------ C:\WINDOWS\system32\Oc30.dll
2006-08-20 17:48 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2006-08-20 17:48 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2006-08-20 17:48 36,864 --a------ C:\WINDOWS\system32\FlatControls.dll
2006-08-20 17:48 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
2006-08-20 17:48 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2006-08-20 17:48 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2006-08-20 17:48 125,440 --a------ C:\WINDOWS\system32\DZIP32.DLL
2006-08-20 17:48 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2006-08-20 17:48 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-08-20 17:48 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL
2006-08-20 12:57 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-20 12:57 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-19 14:30 299,520 --a------ C:\WINDOWS\uninst.exe
2006-08-19 00:27 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-18 11:35 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-18 11:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-18 01:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-17 17:31 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE
2006-08-17 17:17 98,304 -ra------ C:\WINDOWS\system32\SStrmSK.dll
2006-08-17 17:17 98,304 -ra------ C:\WINDOWS\system32\SStrmPTB.dll
2006-08-17 17:17 98,304 -ra------ C:\WINDOWS\system32\SStrmDA.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmTR.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmTH.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmSV.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmPT.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmNO.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmFI.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\sstrmenu.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmENG.dll
2006-08-17 17:17 94,208 -ra------ C:\WINDOWS\system32\SStrmCS.dll
2006-08-17 17:17 90,112 -ra------ C:\WINDOWS\system32\SStrmSL.dll
2006-08-17 17:17 86,016 -ra------ C:\WINDOWS\system32\SStrmHE.dll
2006-08-17 17:17 86,016 -ra------ C:\WINDOWS\system32\SStrmAR.dll
2006-08-17 17:17 73,728 -ra------ C:\WINDOWS\system32\sstray.exe
2006-08-17 17:17 69,632 -ra------ C:\WINDOWS\system32\SStrmKO.dll
2006-08-17 17:17 69,632 -ra------ C:\WINDOWS\system32\SStrmJA.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SStrmZHT.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraZHT.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraZHC.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraTR.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraTH.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraSV.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraSL.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraSK.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraRU.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraPTB.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraPT.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraPL.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraNO.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraNL.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraKO.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraJA.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraIT.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraHU.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraHE.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraFR.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraFI.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraES.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraENG.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraEL.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraDE.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraDA.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraCS.dll
2006-08-17 17:17 61,440 -ra------ C:\WINDOWS\system32\SSTraAR.dll
2006-08-17 17:17 57,344 -ra------ C:\WINDOWS\system32\SStrmZHC.dll
2006-08-17 17:17 509,984 -ra------ C:\WINDOWS\50comupd.exe
2006-08-17 17:17 491,599 -ra------ C:\WINDOWS\system32\sndstorm.exe
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplZHT.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplZHC.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplTR.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplTH.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplSV.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplSL.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplSK.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplRU.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplPTB.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplPT.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplPL.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplNO.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplNL.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplKO.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplJA.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplIT.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplHU.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplHE.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplFR.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplFI.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplES.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplENG.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplEL.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplDE.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplDA.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplCS.dll
2006-08-17 17:17 36,864 -ra------ C:\WINDOWS\system32\SSCplAR.dll
2006-08-17 17:17 176,128 --a------ C:\WINDOWS\system32\NVUninst.exe
2006-08-17 17:17 176,128 --a------ C:\WINDOWS\system32\nvuautl.exe
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmRU.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmPL.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmNL.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmIT.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmHU.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmFR.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmES.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmEL.dll
2006-08-17 17:17 102,400 -ra------ C:\WINDOWS\system32\SStrmDE.dll
2006-08-17 17:17 1,589,248 -ra------ C:\WINDOWS\system32\sstrmres.dll
2006-08-17 17:16 7,168 --a------ C:\WINDOWS\system32\nvack.dll
2006-08-17 17:16 53,760 --a------ C:\WINDOWS\system32\nvopenal.dll
2006-08-17 17:16 5,120 --a------ C:\WINDOWS\system32\ALut.dll
2006-08-17 17:16 30,208 --a------ C:\WINDOWS\system32\nvasio.dll
2006-08-17 17:16 21,504 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-08-17 17:16 176,128 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-08-17 17:16 176,128 --a------ C:\WINDOWS\system32\nvuide.exe
2006-08-17 17:16 176,128 --a------ C:\WINDOWS\system32\nvugart.exe
2006-08-17 17:16 176,128 --a------ C:\WINDOWS\system32\nvuenet.exe
2006-08-17 17:16 176,128 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-08-17 17:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-08-17 17:09 0 -rahs---- C:\MSDOS.SYS
2006-08-17 17:09 0 -rahs---- C:\IO.SYS
2006-08-17 17:09 0 --a------ C:\CONFIG.SYS
2006-08-17 17:09 0 --a------ C:\AUTOEXEC.BAT
2006-08-17 17:07 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-08-17 17:07 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-08-17 17:07 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-08-17 17:07 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-08-17 17:07 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-17 17:07 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-17 17:07 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-08-17 17:07 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-17 17:07 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-17 17:07 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-08-17 17:07 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-17 17:07 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-08-17 17:07 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-08-17 17:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-08-17 17:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-08-17 17:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-08-17 17:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-08-17 17:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-17 17:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-08-17 17:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-17 17:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-08-17 17:06 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-08-17 17:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-17 17:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-17 17:06 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-17 17:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-17 17:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-17 17:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-17 17:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-08-17 17:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-17 17:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-17 17:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-17 17:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-17 17:06 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-08-17 17:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-17 17:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-17 17:06 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-17 17:06 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-17 17:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-17 17:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-17 17:06 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-17 17:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-08-17 17:06 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-08-17 17:05 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-08-17 17:05 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-08-17 17:05 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-17 17:05 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-08-17 17:05 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-08-17 17:05 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-17 17:05 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-08-17 17:05 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-08-17 17:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-08-17 17:05 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-17 17:05 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-08-17 17:05 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-08-17 17:05 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-17 17:05 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-08-17 17:05 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-17 17:05 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-08-17 17:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-17 17:05 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-17 17:05 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-08-17 17:05 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-08-17 17:05 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-17 17:05 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-08-17 17:05 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-08-17 17:05 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-08-17 17:05 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-08-17 17:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-08-17 17:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-08-17 17:05 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-08-17 17:05 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-17 17:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-08-17 17:05 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-08-17 17:05 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-08-17 17:05 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-08-17 17:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-08-17 17:05 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-08-17 17:05 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-08-17 17:05 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-08-17 17:05 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-08-17 17:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-08-17 17:05 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-08-17 17:05 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-08-17 17:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-08-17 17:05 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-08-17 17:05 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-08-17 17:05 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-08-17 17:05 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-08-17 17:05 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-17 17:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-08-17 17:05 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-17 17:05 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-17 17:05 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-17 17:05 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-17 17:05 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-08-17 17:05 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-08-17 17:05 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-08-17 17:05 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-08-17 17:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-08-17 17:05 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-08-17 17:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-08-17 17:05 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-08-17 17:05 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-17 17:05 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-08-17 17:05 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-17 17:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-08-17 17:05 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-08-17 17:05 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-08-17 17:05 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-08-17 17:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-17 17:05 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-17 17:05 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-08-17 17:05 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-17 17:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-08-17 17:05 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-08-17 17:05 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-08-17 17:05 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-08-17 17:05 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-08-17 17:05 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-17 17:05 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-08-17 17:05 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-08-17 11:50 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-08-17 11:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-08-17 11:49 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-08-17 11:49 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-08-17 11:49 3,980,288 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-17 11:48 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-08-17 11:47 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-08-17 11:47 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-08-17 11:47 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-08-17 11:47 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-08-17 11:47 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-08-17 11:47 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2006-08-17 11:47 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2006-08-17 11:47 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2006-08-17 11:47 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2006-08-17 11:47 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2006-08-17 11:47 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-08-17 11:47 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2006-08-17 11:47 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2006-08-17 11:47 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2006-08-17 11:47 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-08-17 11:47 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-08-17 11:47 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-08-17 11:46 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-08-17 11:46 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-08-17 11:46 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-08-17 11:46 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-08-17 11:46 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-08-17 11:46 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-08-17 11:46 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-08-17 11:46 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-08-17 11:46 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-08-17 11:46 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-08-17 11:46 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-08-17 11:46 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-08-17 11:46 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-08-17 11:46 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-08-17 11:46 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-08-17 11:46 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-08-17 11:46 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-08-17 11:46 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-08-17 11:46 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-08-17 11:45 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-08-17 11:45 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-08-17 11:45 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-17 11:45 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-08-17 11:45 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-08-17 11:45 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-08-17 11:45 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-08-17 11:45 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-08-17 11:45 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-08-17 11:45 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-08-17 11:45 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-08-17 11:45 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-08-17 11:45 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-08-17 11:45 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-08-17 11:45 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-08-17 11:45 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-08-17 11:45 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-08-17 11:45 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-08-17 11:45 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-03 13:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-03 12:15 -------- d-------- C:\Documents and Settings\Master\Application Data\Lavasoft
2006-09-03 10:51 -------- d-------- C:\Program Files\Common Files
2006-09-03 02:41 -------- d-------- C:\Documents and Settings\Master\Application Data\uTorrent
2006-09-02 20:34 -------- d-------- C:\Documents and Settings\Master\Application Data\Identities
2006-09-02 20:34 -------- d-------- C:\Documents and Settings\Master\Application Data\Cakewalk
2006-09-02 11:56 -------- d-------- C:\Documents and Settings\Master\Application Data\Real
2006-08-31 13:35 -------- d-------- C:\Documents and Settings\Master\Application Data\Publish Providers
2006-08-31 13:35 -------- d-------- C:\Documents and Settings\Master\Application Data\NetMedia Providers
2006-08-31 13:12 -------- d-------- C:\Documents and Settings\Master\Application Data\Sony
2006-08-30 11:17 -------- d-------- C:\Documents and Settings\Master\Application Data\LimeWire
2006-08-30 03:16 -------- d-------- C:\Documents and Settings\Master\Application Data\AdobeUM
2006-08-27 01:50 -------- d---s---- C:\Documents and Settings\Master\Application Data\Microsoft
2006-08-25 01:32 28276 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-08-23 13:15 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-23 12:19 -------- d-------- C:\Documents and Settings\Master\Application Data\Adobe
2006-08-23 11:49 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-22 12:12 -------- d-------- C:\Documents and Settings\Master\Application Data\Macromedia
2006-08-22 11:45 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-08-22 11:19 -------- d-------- C:\Documents and Settings\Master\Application Data\InterVideo
2006-08-22 11:18 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-08-20 12:13 875 --a------ C:\Documents and Settings\Master\Application Data\AdobeDLM.log
2006-08-20 12:13 0 --a------ C:\Documents and Settings\Master\Application Data\dm.ini
2006-08-19 18:58 -------- d-------- C:\Documents and Settings\Master\Application Data\Sun
2006-08-19 14:32 -------- d-------- C:\Program Files\Common Files\Voyetra
2006-08-19 14:32 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-18 23:43 -------- d-------- C:\Documents and Settings\Master\Application Data\OpenOffice.org2
2006-08-18 21:15 -------- d-------- C:\Program Files\Common Files\System
2006-08-18 16:02 -------- d-------- C:\Documents and Settings\Master\Application Data\Symantec
2006-08-18 11:36 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-08-18 00:58 -------- d-------- C:\Program Files\Common Files\Java
2006-08-17 20:16 -------- d-------- C:\Documents and Settings\Master\Application Data\Mozilla
2006-08-17 20:14 -------- d-------- C:\Program Files\Outlook Express
2006-08-17 20:13 -------- d-------- C:\Program Files\Movie Maker
2006-08-17 20:03 -------- d-------- C:\Documents and Settings\Master\Application Data\Help
2006-08-17 17:31 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-17 17:31 -------- d-------- C:\Program Files\PowerQuest
2006-08-17 17:14 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-17 17:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-17 17:09 -------- d-------- C:\Program Files\xerox
2006-08-17 17:09 -------- d-------- C:\Program Files\Windows Media Player
2006-08-17 17:09 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-17 17:08 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-17 17:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-17 17:07 -------- d-------- C:\Program Files\NetMeeting
2006-08-17 17:07 -------- d-------- C:\Program Files\Common Files\Services
2006-08-17 17:07 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-17 17:06 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-17 17:05 -------- d-------- C:\Program Files\Windows NT
2006-08-17 17:05 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-17 11:47 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-17 11:47 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-17 11:45 62 --ahs---- C:\Documents and Settings\Master\Application Data\desktop.ini
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-15 16:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 16:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 16:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 16:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 12:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 14:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"nForce Tray Options"="sstray.exe /r"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"SunJavaUpdateSched"="\"D:\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ASUS Probe"="d:\\Asus\\Probe\\AsusProb.exe"
"NWEReboot"=""
"Symantec NetDriver Monitor"="D:\\\\SYMNET~1\\SNDMon.exe /Consumer"
"Ma44Pan"="Ma44Pan.Exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoNetworkConnections"=hex:01,00,00,00
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Master.job

Completion time: Sun 09/03/2006 15:54:57.68
ComboFix.txt





RAPPORT:
SmitFraudFix v2.83

Scan done at 15:57:33.14, Sun 09/03/2006
Run from E:\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 16:09, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
D:\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Asus\Probe\AsusProb.exe
C:\WINDOWS\system32\Ma44Pan.Exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\ice-this.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] d:\Asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ma44Pan] Ma44Pan.Exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2006, 06:11 PM   #6 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


is that all or is there more? norton isn't popping up anymore virus alerts.
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2006, 07:57 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


A bit more to take care of.

Reboot into Safe Mode.

---------------------------

Delete the following files:

C:\WINDOWS\system32\ rqropmk.dll
C:\WINDOWS\ uninst.exe

---------------------------

Reboot into Normal Mode.

As no one tool will reveal all malware present on a system, we still need one more scan to check for any files that may still be lurking:

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

Please post those results in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 01:25 AM   #8 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


i deleted the uninst.exe, but the .dll was not in the system32 directory. here's the panda scan results:


Incident Status Location

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[hc2.humanclick.com/hc/34286487]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\dfs1cc58.default\cookies.txt[www.burstbeacon.com/]
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rqropmk.dll
Potentially unwanted tool:Application/Processor Not disinfected E:\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected E:\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/Cydoor Not disinfected Z:\ETC\JETAUDIO-AD\JETAUD.EXE
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 05:34 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Hello iceblueorbitz,

Download KillBox. (it's important that you get version v2.0.0.175)

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Copy the file path below and paste it into the 'Full Path of File to Delete' field:

C:\WINDOWS\system32\rqropmk.dll

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* Unregister.dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click Yes at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

-------------------------------

Clear Mozilla Firefox cookies:
Open the Mozilla Browser, (you do not need to be online to do this) Click Tools>Options>Privacy>Cookies>Clear

-------------------------------

Based on the Panda results, I also highly suggest you delete the following file:

Z:\ETC\JETAUDIO-AD\ JETAUD.EXE

-------------------------------

You should be all set now. If there aren't any more problems, please continue with these final instructions and helpful links.


Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Keep my computer up to date"
*Under Settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items .

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4


Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 10:04 AM   #10 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 6
OS: xp


the rqrpomk.dll file was never in my system 32 folder as i could see... and i ran the killbox twice with no errors or misssing file notifications. so i don't know what that means. also, the jetaud.exe is a file on the driver cd for my audiotrak maya44 soundcard. so if that is all, thank you VERY VERY much, i appreciate this sooo much.
iceblueorbitz is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 09:21 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


That file was hidden. Instead of having you unhide system files, and possibly run into the file still being in use--I simply used Killbox to 'kill 2 birds with one stone'

As long as there are no more problems..that is all, and you're welcome.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 10:29 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85