*hjt logs =/*(RESOLVED)
-
Re: *hjt logs =/*
Hello Neal,
After the scan and the reboot it did kill the annoying pop-ups. I also feel like the computer is doing much better. Here are my logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2007 at 04:58 PM
Application Version : 3.9.1008
Core Rules Database Version : 3346
Trace Rules Database Version: 1347
Scan type : Complete Scan
Total Scan Time : 01:01:32
Memory items scanned : 526
Memory threats detected : 1
Registry items scanned : 6929
Registry threats detected : 141
File items scanned : 66982
File threats detected : 69
Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\PRLTVTJZ.DLL
C:\WINDOWS\SYSTEM32\PRLTVTJZ.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\prltvtjz
C:\PROGRAM FILES\HIJACKTHIS\FOOLYOU.EXE\BACKUPS\BACKUP-20071117-185955-856.DLL
C:\PROGRAM FILES\HIJACKTHIS\FOOLYOU.EXE\BACKUPS\BACKUP-20071117-193137-833.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140377.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140379.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141511.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141605.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141615.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141675.DLL
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{9865480B-92A4-44E2-ACC1-C8229DC9BC60}
HKCR\CLSID\{9865480B-92A4-44E2-ACC1-C8229DC9BC60}
HKCR\CLSID\{9865480B-92A4-44E2-ACC1-C8229DC9BC60}\InprocServer32
HKCR\CLSID\{9865480B-92A4-44E2-ACC1-C8229DC9BC60}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLLJG.DLL
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@bestsellerantivirus[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@2o7[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@ad.outerinfoads[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@atdmt[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@doubleclick[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@indextools[1].txt
Trojan.Security Toolbar
C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url
Dialer.VacPro
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\0
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\0\win32
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\FLAGS
HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\HELPDIR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx#{A1426AC5-8CE5-4A00-B71E-011D35709AC6}
Malware.VirusBurst
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\0\win32
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\FLAGS
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\HELPDIR
HKCR\Interface\{0C25003B-F5C9-4C24-A5F8-5BEE543A562C}
HKCR\Interface\{0C25003B-F5C9-4C24-A5F8-5BEE543A562C}\ProxyStubClsid
HKCR\Interface\{0C25003B-F5C9-4C24-A5F8-5BEE543A562C}\ProxyStubClsid32
HKCR\Interface\{0C25003B-F5C9-4C24-A5F8-5BEE543A562C}\TypeLib
HKCR\Interface\{0C25003B-F5C9-4C24-A5F8-5BEE543A562C}\TypeLib#Version
HKCR\Interface\{3B021AD8-9999-4EFE-8203-36A5B09117D7}
HKCR\Interface\{3B021AD8-9999-4EFE-8203-36A5B09117D7}\ProxyStubClsid
HKCR\Interface\{3B021AD8-9999-4EFE-8203-36A5B09117D7}\ProxyStubClsid32
HKCR\Interface\{3B021AD8-9999-4EFE-8203-36A5B09117D7}\TypeLib
HKCR\Interface\{3B021AD8-9999-4EFE-8203-36A5B09117D7}\TypeLib#Version
HKCR\Interface\{3C975D06-9239-4A00-9F1A-C3C337912F22}
HKCR\Interface\{3C975D06-9239-4A00-9F1A-C3C337912F22}\ProxyStubClsid
HKCR\Interface\{3C975D06-9239-4A00-9F1A-C3C337912F22}\ProxyStubClsid32
HKCR\Interface\{3C975D06-9239-4A00-9F1A-C3C337912F22}\TypeLib
HKCR\Interface\{3C975D06-9239-4A00-9F1A-C3C337912F22}\TypeLib#Version
HKCR\Interface\{413D2FA5-98CD-4078-98C1-C3AE775EF050}
HKCR\Interface\{413D2FA5-98CD-4078-98C1-C3AE775EF050}\ProxyStubClsid
HKCR\Interface\{413D2FA5-98CD-4078-98C1-C3AE775EF050}\ProxyStubClsid32
HKCR\Interface\{413D2FA5-98CD-4078-98C1-C3AE775EF050}\TypeLib
HKCR\Interface\{413D2FA5-98CD-4078-98C1-C3AE775EF050}\TypeLib#Version
HKCR\Interface\{46722628-C282-4FDF-814D-5B819C78E067}
HKCR\Interface\{46722628-C282-4FDF-814D-5B819C78E067}\ProxyStubClsid
HKCR\Interface\{46722628-C282-4FDF-814D-5B819C78E067}\ProxyStubClsid32
HKCR\Interface\{46722628-C282-4FDF-814D-5B819C78E067}\TypeLib
HKCR\Interface\{46722628-C282-4FDF-814D-5B819C78E067}\TypeLib#Version
HKCR\Interface\{49A6D89F-4422-4474-A287-5FE1D6811A87}
HKCR\Interface\{49A6D89F-4422-4474-A287-5FE1D6811A87}\ProxyStubClsid
HKCR\Interface\{49A6D89F-4422-4474-A287-5FE1D6811A87}\ProxyStubClsid32
HKCR\Interface\{49A6D89F-4422-4474-A287-5FE1D6811A87}\TypeLib
HKCR\Interface\{49A6D89F-4422-4474-A287-5FE1D6811A87}\TypeLib#Version
HKCR\Interface\{66B01F8A-1D57-40E7-8C8D-D67D06662577}
HKCR\Interface\{66B01F8A-1D57-40E7-8C8D-D67D06662577}\ProxyStubClsid
HKCR\Interface\{66B01F8A-1D57-40E7-8C8D-D67D06662577}\ProxyStubClsid32
HKCR\Interface\{66B01F8A-1D57-40E7-8C8D-D67D06662577}\TypeLib
HKCR\Interface\{66B01F8A-1D57-40E7-8C8D-D67D06662577}\TypeLib#Version
HKCR\Interface\{7588C5E3-9C6E-4CFE-884F-71BF8383621A}
HKCR\Interface\{7588C5E3-9C6E-4CFE-884F-71BF8383621A}\ProxyStubClsid
HKCR\Interface\{7588C5E3-9C6E-4CFE-884F-71BF8383621A}\ProxyStubClsid32
HKCR\Interface\{7588C5E3-9C6E-4CFE-884F-71BF8383621A}\TypeLib
HKCR\Interface\{7588C5E3-9C6E-4CFE-884F-71BF8383621A}\TypeLib#Version
HKCR\Interface\{8122D5A8-DC59-4AB8-9C02-CF66E10641C2}
HKCR\Interface\{8122D5A8-DC59-4AB8-9C02-CF66E10641C2}\ProxyStubClsid
HKCR\Interface\{8122D5A8-DC59-4AB8-9C02-CF66E10641C2}\ProxyStubClsid32
HKCR\Interface\{8122D5A8-DC59-4AB8-9C02-CF66E10641C2}\TypeLib
HKCR\Interface\{8122D5A8-DC59-4AB8-9C02-CF66E10641C2}\TypeLib#Version
HKCR\Interface\{8FB11528-3A97-45FE-BEAA-1A1FC4EE45F5}
HKCR\Interface\{8FB11528-3A97-45FE-BEAA-1A1FC4EE45F5}\ProxyStubClsid
HKCR\Interface\{8FB11528-3A97-45FE-BEAA-1A1FC4EE45F5}\ProxyStubClsid32
HKCR\Interface\{8FB11528-3A97-45FE-BEAA-1A1FC4EE45F5}\TypeLib
HKCR\Interface\{8FB11528-3A97-45FE-BEAA-1A1FC4EE45F5}\TypeLib#Version
HKCR\Interface\{8FE88DC0-E1EC-43E3-B70E-D3246F4D1899}
HKCR\Interface\{8FE88DC0-E1EC-43E3-B70E-D3246F4D1899}\ProxyStubClsid
HKCR\Interface\{8FE88DC0-E1EC-43E3-B70E-D3246F4D1899}\ProxyStubClsid32
HKCR\Interface\{8FE88DC0-E1EC-43E3-B70E-D3246F4D1899}\TypeLib
HKCR\Interface\{8FE88DC0-E1EC-43E3-B70E-D3246F4D1899}\TypeLib#Version
HKCR\Interface\{A25F0022-C2FC-4EA0-ABBA-2BFE4635BD68}
HKCR\Interface\{A25F0022-C2FC-4EA0-ABBA-2BFE4635BD68}\ProxyStubClsid
HKCR\Interface\{A25F0022-C2FC-4EA0-ABBA-2BFE4635BD68}\ProxyStubClsid32
HKCR\Interface\{A25F0022-C2FC-4EA0-ABBA-2BFE4635BD68}\TypeLib
HKCR\Interface\{A25F0022-C2FC-4EA0-ABBA-2BFE4635BD68}\TypeLib#Version
HKCR\Interface\{BDC75AD7-A8A5-4F25-BE36-A4DB971C7541}
HKCR\Interface\{BDC75AD7-A8A5-4F25-BE36-A4DB971C7541}\ProxyStubClsid
HKCR\Interface\{BDC75AD7-A8A5-4F25-BE36-A4DB971C7541}\ProxyStubClsid32
HKCR\Interface\{BDC75AD7-A8A5-4F25-BE36-A4DB971C7541}\TypeLib
HKCR\Interface\{BDC75AD7-A8A5-4F25-BE36-A4DB971C7541}\TypeLib#Version
HKCR\Interface\{C49930C7-ABF8-43B4-A7B7-98013DD6ABE6}
HKCR\Interface\{C49930C7-ABF8-43B4-A7B7-98013DD6ABE6}\ProxyStubClsid
HKCR\Interface\{C49930C7-ABF8-43B4-A7B7-98013DD6ABE6}\ProxyStubClsid32
HKCR\Interface\{C49930C7-ABF8-43B4-A7B7-98013DD6ABE6}\TypeLib
HKCR\Interface\{C49930C7-ABF8-43B4-A7B7-98013DD6ABE6}\TypeLib#Version
HKCR\Interface\{ECA9FBFF-5415-4440-A92B-03E8CA7B9828}
HKCR\Interface\{ECA9FBFF-5415-4440-A92B-03E8CA7B9828}\ProxyStubClsid
HKCR\Interface\{ECA9FBFF-5415-4440-A92B-03E8CA7B9828}\ProxyStubClsid32
HKCR\Interface\{ECA9FBFF-5415-4440-A92B-03E8CA7B9828}\TypeLib
HKCR\Interface\{ECA9FBFF-5415-4440-A92B-03E8CA7B9828}\TypeLib#Version
HKCR\Interface\{F7996A4A-B172-4C1A-85D0-19AB61C9C512}
HKCR\Interface\{F7996A4A-B172-4C1A-85D0-19AB61C9C512}\ProxyStubClsid
HKCR\Interface\{F7996A4A-B172-4C1A-85D0-19AB61C9C512}\ProxyStubClsid32
HKCR\Interface\{F7996A4A-B172-4C1A-85D0-19AB61C9C512}\TypeLib
HKCR\Interface\{F7996A4A-B172-4C1A-85D0-19AB61C9C512}\TypeLib#Version
Adware.VSToolbar
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Search Toolbar Corp
Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\K-SPARKY-K\LOCAL SETTINGS\TEMP\MOFUGCLQ.EXE
C:\DOCUMENTS AND SETTINGS\K-SPARKY-K\LOCAL SETTINGS\TEMP\QRJATYDI.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\QRJATYDI.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140455.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140464.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140479.EXE
Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR
Adware.ClickSpring
C:\QooBox\Quarantine\C\WINDOWS\RACLE~1\ERVICE~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KJWSY.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140372.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP660\A0141456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141501.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141504.EXE
Malware.Ultimate Defender
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP656\A0140180.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141498.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141499.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141500.EXE
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINWLY32.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140470.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP660\A0141461.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP661\A0141502.DLL
Malware.MalwareStopper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140373.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140374.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140375.DLL
Rogue.MalwareAlarm-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140376.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP660\A0141458.EXE
Trojan.Downloader-SpyTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140380.DLL
Trojan.Downloader-Gen/DDC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140381.EXE
Malware.Downloader-Gen/BestSellerAntiVirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140480.EXE
Trojan.Downloader-Gen/AVP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140487.EXE
Trojan.Downloader-Gen/MobRules
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140488.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140490.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141602.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141603.DLL
Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP659\A0140492.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141604.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141606.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141607.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141608.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141610.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141611.DLL
Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP660\A0141462.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP660\A0141464.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP662\A0141609.DLL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\foolyou.exe\foolyou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.457.4514.4545:6114
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [Windows Certificate Verification Service] "C:\WINDOWS\wcvs.exe" *
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-181486688-3301028022-890924152-1007\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User 'k-sparky-k')
O4 - HKUS\S-1-5-21-181486688-3301028022-890924152-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'k-sparky-k')
O4 - HKUS\S-1-5-21-181486688-3301028022-890924152-1007\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe (User 'k-sparky-k')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://beta.update.microsoft.com/mic...?1154591029609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 11252 bytes
Last edited by k-sparky-k; 19-11-2007 at 07:36 AM.
-
That program killed what I was wanting dead and a whole lot more.
But it looks like a new monster has reared its ugly head; it looks like a SpywareQuake infection or similar, as there are many variants of that infection.
If you have not removed smitfraudfix, go ahead and remove it and let's get a newer version of that tool and run it.
Please download http://siri.urz.free.fr/Fix/SmitfraudFix.zip (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Please do not run any other option until asked to do so. Thanks.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Please post a new hijackthis log and the smitfraudfix log. Thanks.
-
Hello.
SmitFraudFix v2.253
Scan done at 16:24:44.00, Tue 20/11/2007
Run from C:\Documents and Settings\k-sparky-k\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\k-sparky-k
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\k-sparky-k\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\K-SPAR~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 203.2.75.132
DNS Server Search Order: 198.142.0.51
HKLM\SYSTEM\CCS\Services\Tcpip\..\{656E27D1-14DF-4635-84BF-711A006784B2}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{656E27D1-14DF-4635-84BF-711A006784B2}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{656E27D1-14DF-4635-84BF-711A006784B2}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:28 PM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\hijackthis\foolyou.exe\foolyou.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [Windows Certificate Verification Service] "C:\WINDOWS\wcvs.exe" *
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://beta.update.microsoft.com/mic...?1154591029609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 10229 bytes
-
This below was showing in HijackThis, the reason for the SmitFraudFix tool.
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
Now it is not showing and the option 1 on smitfraud is to find and verify before fixing.
Not showing now, weird.
But I did make a little mistake; delete the SmitFraudFix tool and do this please:
Download SDFIX and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All.
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
-
hello neal,
SDFix: Version 1.115
Run by k-sparky-k on Wed 21/11/2007 at 05:25 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\K-SPAR~1\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\AQJO.EXE - Deleted
C:\RKSMLTQJ.EXE - Deleted
C:\TLKREOAD.EXE - Deleted
C:\TQXI.EXE - Deleted
C:\WOSIWW.EXE - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 17:36:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:64a34a26
"s2"=dword:a4be532d
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:04,29,07,7a,75,59,7b,98,7c,4e,5f,a5,94,2b,3e,f8,86,f5,64,8a,15,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:b6,97,26,1c,9c,a3,9b,49,b9,8a,c4,96,49,a0,d1,74,2d,78,c5,e8,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,45,14,6f,cf,f2,8f,cc,fb,4d,6d,ae,73,43,c4,b7,70,3b,..
"khjeh"=hex:97,fc,c7,dc,77,c0,05,c2,b5,33,b2,de,77,02,a9,51,4b,2d,b3,d9,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,70,b3,1b,00,20,99,77,00,e8,ff,ff,ff,e8,03,0a,49,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,02,00,68,13,18,00,37,00,00,00,a8,ff,ff,ff,48,00,49,00,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:04,29,07,7a,75,59,7b,98,7c,4e,5f,a5,94,2b,3e,f8,86,f5,64,8a,15,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:b6,97,26,1c,9c,a3,9b,49,b9,8a,c4,96,49,a0,d1,74,2d,78,c5,e8,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,45,14,6f,cf,f2,8f,cc,fb,4d,6d,ae,73,43,c4,b7,70,3b,..
"khjeh"=hex:97,fc,c7,dc,77,c0,05,c2,b5,33,b2,de,77,02,a9,51,4b,2d,b3,d9,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,38,bc,22,00,90,99,77,00,c8,ff,ff,ff,76,6b,19,00,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,02,00,38,02,23,00,00,be,6f,00,e0,ff,ff,ff,76,6b,08,00,04,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\82\682-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v682-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v682-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 216 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\83\82-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v683-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18336 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\83\82-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v683-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1344 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\83\82-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v683-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2040 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\83\83-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v83-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4746 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\83\83-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v83-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\84\84-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v84-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 714 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\84\84-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v84-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\85\585-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v585-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v585-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1936 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\85\85-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v85-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4134 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\85\85-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v85-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 472 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\86\586-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v586-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v586-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17346 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\86\586-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v586-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v586-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1944 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\87\587-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v587-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v587-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1776 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\88\588-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v588-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v588-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1800 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\88\88-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v88-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v88-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12360 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\88\88-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v88-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v88-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1384 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\89\589-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v589-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v589-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1816 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\92\592-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v592-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v592-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2184 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\93\593-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v593-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v593-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1896 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\94\594-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v594-{092A68AB-9A6A-4C5F-86C1-7E521E403217}-v594-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2304 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\96\96-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v96-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v96-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2424 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\kevin_yes917@hotmail.com\ SharingMetadata\wenli_love@hotmail.com\DFSR\Stagin g\CS{02798403-DF41-F436-10A8-8B7ADE292147}\96\96-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v96-{7129FB25-0B43-410E-BDA3-E19C8518D88B}-v96-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 272 bytes hidden from API
C:\Documents and Settings\k-sparky-k\Local Settings\Application Data\Microsoft\Messenger\people_these_days@hotmail .com\SharingMetadata\madeintaiwan81@hotmail.com\DF SR\Staging\CS{7F641644-51BB-ADBD-36EF-66E723C25F1E}\01\10-{7F641644-51BB-ADBD-36EF-66E723C25F1E}-v1-{9090290F-3698-4A1D-9F21-2E97B3294BE6}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 74
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\K-SPAR~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 2 Jan 2005 196 A.SHR --- "C:\BOOT.BAK"
Mon 19 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\prltvtjz.dllbox"
Wed 15 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 9 May 2007 14,464 ...H. --- "C:\Documents and Settings\k-sparky-k\My Documents\~WRL1262.tmp"
Sat 10 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 29 Aug 2007 29,696 ...H. --- "C:\Documents and Settings\k-sparky-k\My Documents\My Received Files\~WRL0001.tmp"
Mon 3 Sep 2007 33,280 ...H. --- "C:\Documents and Settings\k-sparky-k\My Documents\My Received Files\~WRL0004.tmp"
Thu 30 Aug 2007 35,328 ...H. --- "C:\Documents and Settings\k-sparky-k\My Documents\My Received Files\~WRL0005.tmp"
Tue 4 Sep 2007 28,672 ...H. --- "C:\Documents and Settings\k-sparky-k\My Documents\My Received Files\~WRL2885.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico10.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico11.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico12.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico14.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico15.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico16.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico17.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico18.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico19.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico1A.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico1B.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico1C.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico1D.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico2.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico21.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico22.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico23.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico24.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico25.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico26.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico27.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico28.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico29.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico2A.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico2E.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico2F.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico30.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico31.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico32.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3A.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3B.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3C.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3D.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico3E.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico4.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico42.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico43.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico44.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico45.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico46.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico5.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico6.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico8.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\ico9.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\icoA.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\icoB.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\icoC.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\icoE.tmp"
Mon 19 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\temp\icoF.tmp"
Sat 6 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\573b8bee2d25ffedabde94732ae6dbae\BIT3D.tmp"
Sun 23 Oct 2005 0 A..H. --- "C:\Program Files\Bethesda Softworks\Morrowind\Data Files\Sound\Vo\n\m\WFXrepair.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:17 PM, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\foolyou.exe\foolyou.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [Windows Certificate Verification Service] "C:\WINDOWS\wcvs.exe" *
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://beta.update.microsoft.com/mic...?1154591029609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 10440 bytes
-
Do you know what this is:
O4 - HKCU\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe
Your computer should be feeling great now!!
Do me a favor:
Disconnect from the internet: pull the wire, plug, etc.
Reboot into safe mode
Run super antispyware again please just in case.
Post the log please.
-
Hello Neal, thank you for helping me fix the computer.
I have no idea what this is:
"O4 - HKCU\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe"
Here are my logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/23/2007 at 09:01 AM
Application Version : 3.9.1008
Core Rules Database Version : 3259
Trace Rules Database Version: 1270
Scan type : Complete Scan
Total Scan Time : 01:18:34
Memory items scanned : 189
Memory threats detected : 0
Registry items scanned : 6870
Registry threats detected : 0
File items scanned : 65438
File threats detected : 14
Adware.Tracking Cookie
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@videoegg.adbureau[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@atdmt[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@serving-sys[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@bs.serving-sys[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@statcounter[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@2o7[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@mediaplex[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@ad.yieldmanager[2].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@doubleclick[1].txt
C:\Documents and Settings\k-sparky-k\Cookies\k-sparky-k@ad.outerinfoads[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
-
Excellent, nothing but cookies.
Run HijackThis, click on the "Scan system only" button, and put a check next to this:
O4 - HKCU\..\Run: [Gpole] C:\WINDOWS\?racle\?ervices.exe
With everything closed except HijackThis, click on "Fix checked".
Now reboot into Safe Mode by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FOLDERS
C:\WINDOWS\?racle (your guess is as good as mine as to what the first letter of that folder name is)
If you have trouble finding that folder you may have to show hidden files and folders:
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Are you good to go?
Last edited by Neal; 23-11-2007 at 05:35 PM.
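A note on why the entry reads "?racle\?ervices.exe" and why the folder is hard to find by eye: HijackThis writes its log through the system ANSI code page, and Windows substitutes "?" for any character that code page cannot represent. The first character of the folder and of the file is therefore typically a look-alike from another script (a Cyrillic or Greek letter that resembles "O" and "s"), not a character that can be typed into a search box. The script below is an added example for this thread, not part of Neal's procedure and not code from HijackThis or any other tool mentioned here. It walks a directory tree, reports every name containing a character outside printable ASCII together with its code point and Unicode name, and checks which candidate name would have been printed as the logged "?racle". The sample tree it builds (a Cyrillic-O "Оracle" folder holding a Cyrillic-dze "ѕervices.exe") is constructed for the demonstration; the real first character on the poster's machine is unknown.

```python
"""Added example for this thread, not Neal's procedure or HijackThis code.

Find file and folder names that contain characters outside printable ASCII
and show how each would look once forced through a '?'-substituting ANSI
conversion, which is what turns a look-alike folder into "?racle" in a log.
The sample tree built by demo() is constructed; the real character on the
poster's machine is unknown.
"""
import os
import shutil
import tempfile
import unicodedata

# Common Latin look-alikes. Anything non-ASCII is reported regardless; this
# table only supplies the "looks like X" hint in the output.
LOOKALIKE_OF = {
    "\u041e": "O", "\u043e": "o",   # Cyrillic O / o
    "\u0421": "C", "\u0441": "c",   # Cyrillic Es
    "\u0415": "E", "\u0435": "e",   # Cyrillic Ie
    "\u0430": "a", "\u0440": "p",   # Cyrillic a / Er
    "\u0455": "s", "\u0456": "i",   # Cyrillic Dze / Byelorussian-Ukrainian I
    "\u0445": "x", "\u0443": "y",   # Cyrillic Ha / U
    "\u039f": "O", "\u03bf": "o",   # Greek Omicron
}


def suspicious_chars(name):
    """Return one (index, char, 'U+XXXX', unicode name, hint) tuple per
    character of *name* outside printable ASCII; [] for a clean name."""
    findings = []
    for i, ch in enumerate(name):
        if 0x20 <= ord(ch) < 0x7F:
            continue
        findings.append((i, ch, "U+%04X" % ord(ch),
                         unicodedata.name(ch, "<unnamed>"),
                         LOOKALIKE_OF.get(ch)))
    return findings


def hijackthis_view(name):
    """Approximate how a log written through an ANSI code page shows *name*:
    every character the code page lacks becomes '?'.  Approximation: a
    Western code page would still print Latin-1 letters such as 'é'; here
    everything non-ASCII is replaced, which matches Cyrillic/Greek look-alikes."""
    return "".join(ch if 0x20 <= ord(ch) < 0x7F else "?" for ch in name)


def matches_log_entry(real_name, logged_name):
    """True if *real_name* would have been logged as *logged_name*
    (e.g. '\u041eracle' -> '?racle').  Case-insensitive, like NTFS."""
    return hijackthis_view(real_name).lower() == logged_name.lower()


def scan_tree(root):
    """Walk *root*; return [(path, findings)] for every entry whose name
    holds a non-ASCII character.  Hidden/system attributes do not matter:
    os.walk lists directory entries regardless of +H/+S."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            findings = suspicious_chars(entry)
            if findings:
                hits.append((os.path.join(dirpath, entry), findings))
    return hits


def find_logged_entry(root, logged_name):
    """Paths under *root* whose base name renders as *logged_name*."""
    return [p for p, _ in scan_tree(root)
            if matches_log_entry(os.path.basename(p), logged_name)]


def demo():
    """Constructed sample tree mimicking the log entry.  Returns
    (sorted offending base names, base names that render as '?racle')."""
    base = tempfile.mkdtemp()
    try:
        bad_dir = os.path.join(base, "WINDOWS", "\u041eracle")      # Cyrillic O
        os.makedirs(bad_dir)
        os.makedirs(os.path.join(base, "WINDOWS", "system32"))      # clean decoy
        open(os.path.join(bad_dir, "\u0455ervices.exe"), "wb").close()  # Cyrillic dze
        names = sorted(os.path.basename(p) for p, _ in scan_tree(base))
        matched = [os.path.basename(p) for p in find_logged_entry(base, "?racle")]
        return names, matched
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    names, matched = demo()
    for name in names:
        for i, ch, cp, uname, hint in suspicious_chars(name):
            extra = " (looks like %r)" % hint if hint else ""
            print("%-14s pos %d %s %s%s" % (hijackthis_view(name), i, cp, uname, extra))
    print("renders as ?racle:", matched)
```

Run it against the real tree as `scan_tree(r"C:\WINDOWS")` on the affected machine; the same folder can then be deleted by the full path returned, which sidesteps typing the look-alike character. Because the check is on the name's code points rather than on what it looks like, it also catches names built from characters that have no Latin twin at all.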
-
I can't find the "C:\WINDOWS\?racle" folder, even if I search with hidden files.
-
HijackThis may have gotten rid of it all.
Are you good to go?