Full Version: Help Please!
justmike
I've been having trouble with trojans, viruses, or something. When we run our AVG, Spybot or Malwarebytes, they detect different trojans than each other or even different trojans than was detected in an earlier scan. Sometimes the same trojan has come up after the "fix".
I've run the logs and am posting them.

Thank you in advance for helping.



Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

12/1/2008 4:12:21 PM
mbam-log-2008-12-01 (16-12-21).txt

Scan type: Quick Scan
Objects scanned: 73597
Time elapsed: 16 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

;*******************************************************************************
ANALYSIS: 2008-12-01 19:52:47
PROTECTIONS: 1
MALWARE: 26
SUSPECTS: 3
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip
00034463 adware/wupd Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205FF73B-CA67-11D5-99DD-444553540013}
00065327 adware/coolsavings Adware No 0 Yes No hkey_classes_root\cpnmgr.cmv5.3
00065327 adware/coolsavings Adware No 0 Yes No hkey_classes_root\clsid\{549f957e-2f89-11d6-8cfe-00c04f52b225}
00065327 adware/coolsavings Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll
00065327 adware/coolsavings Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{549f957e-2f89-11d6-8cfe-00c04f52b225}
00065327 adware/coolsavings Adware No 0 Yes No c:\windows\downloaded program files\cpnmgr.dll
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ccbill[1].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@kinghost[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc112.txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@toplist[1].txt
00167767 Cookie/WegCash TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@programs.wegcash[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc243.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc189.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc60.txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc99.txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2639334511-854362244-4073450523-1009\Dc270.txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\TropixSetup-dm[1].exe
00289207 Application/FunWeb HackTools No 0 Yes No C:\Program Files\MSN Messenger\msimg32.dll
00466631 Application/KillApp.S HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00523287 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyWebSearchWB\bar\1.bin\W6WBTEMP.DLL
01162707 HackTool/KillProcWin.A HackTools No 0 No No C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\3A.dat[simple_killw.exe]
01343147 Application/MyWay HackTools No 0 Yes No D:\I386\Apps\APP08756\SRC\HPSummer2005.exe
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1096\A0133859.sys
03983016 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Updates from HP\9972322\Program\Interop.SHDocVw.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\ViewBar.dll
No C:\Program Files\Online Services\NetscapeOnline\NSSetupMV.exe
No C:\WINDOWS\system32\riplpslggisbk.dll
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:56 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7ed5b7a6-dfb1-4e96-85c5-0e99c4466200} - C:\WINDOWS\system32\sotugulu.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://couponmom.coupons.smartsource.com/d...oad/cscmv5X.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\yipiveto.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14840 bytes
1972vet
Please disable Tea Timer:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.


Uninstall these:
Acrobat 7.0 - Outdated...we will install the latest version later
Java (jre1.6.0_07) - Outdated...we will install the latest version later
MyWebSearch
Viewpoint Toolbar
WeatherBug Browser Bar


Reboot once more when finished uninstalling.

Run HijackThis, click --> "Open the Misc Tools section", then --> "delete file on reboot"

Copy/Paste the line below in bold into the File name box then click Open,
C:\WINDOWS\system32\yipiveto.dll
Answer yes to the prompt to reboot the PC. When the system comes back up, update your mbam and scan again.

Post back THAT log along with a fresh HijackThis log. Thanks!
justmike
I haven't finished all the instructions yet, because I ran into a small problem.

I disabled the teatimer.

When I tried to uninstall, I ran into a few problems.
I had no problem uninstalling Java or Viewpoint toolbar or Acrobat 7.0.

When I looked for MyWebSearch in the uninstall, I couldn't find it. I didn't find it in my programs on the start menu either.
When I tried to uninstall Weatherbug Browser Bar, I got the following message:
Error loading: C:\Progra~1\MyWebS~1\bar\1.bin\w6Bar.dll
Specified module could not be found

I did uninstall the Weatherbug but I still couldn't uninstall Weatherbug browser bar.
I restarted my computer.

This is where I stopped, until after I hear back from you about these programs not being uninstalled.

Thanks for taking time to help me!
1972vet
Regardless of the failed uninstall attempt, please continue with those instructions and post the requested logs. Thanks!
justmike
QUOTE (1972vet @ Dec 2 2008, 10:27 AM)
Regardless of the failed uninstall attempt, please continue with those instructions and post the requested logs. Thanks!



Ok, I finished all your instructions and here are the new logs.

Malwarebytes' Anti-Malware 1.30
Database version: 1450
Windows 5.1.2600 Service Pack 3

12/2/2008 4:33:29 PM
mbam-log-2008-12-02 (16-33-29).txt

Scan type: Quick Scan
Objects scanned: 74872
Time elapsed: 16 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7ed5b7a6-dfb1-4e96-85c5-0e99c4466200} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ed5b7a6-dfb1-4e96-85c5-0e99c4466200} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ed5b7a6-dfb1-4e96-85c5-0e99c4466200} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:10 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://couponmom.coupons.smartsource.com/d...oad/cscmv5X.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\yipiveto.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13650 bytes
1972vet
Please download ComboFix from This Webpage... and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt
New HijackThis log.
justmike
I've completed everything you've said up to now. Here are the two logs you've asked for.

ComboFix 08-12-01.03 - HP_Owner 2008-12-02 22:47:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.128 [GMT -6:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Owner\nah_log.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\itibowan.ini
c:\windows\system32\riplpslggisbk.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 19:58 . 2008-12-01 19:58 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 16:54 . 2008-12-01 16:54 <DIR> d-------- c:\program files\Panda Security
2008-12-01 16:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-30 16:54 . 2008-11-30 16:54 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 16:53 . 2008-11-30 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-29 14:09 . 2008-11-30 16:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-29 14:09 . 2008-11-29 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\program files\iTunes
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 09:15 . 2008-11-29 09:16 <DIR> d-------- c:\program files\QuickTime
2008-11-28 21:24 . 2008-11-28 21:27 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-18 14:02 . 2008-11-18 14:02 84,310 --a------ c:\windows\system32\riplpslggisbk.dll-uninst.exe
2008-11-11 17:47 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:47 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 15:20 --------- d-----w c:\program files\iPod
2008-11-29 15:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 04:52 --------- d-----w c:\program files\Coupons
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\yoclient
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\bang
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-11-23 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-20 22:57 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-20 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-16 00:35 --------- d-----w c:\program files\EA Games
2008-10-25 08:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 00:24 --------- d-----w c:\program files\Full Tilt Poker.Org
2008-10-13 21:52 --------- d-----w c:\program files\Bonjour
2008-10-13 21:43 --------- d-----w c:\program files\Apple Software Update
2008-09-20 12:32 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-20 12:32 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-20 12:32 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-20 12:32 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-20 12:32 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-20 12:32 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-06 13:11 3,645 ----a-w c:\windows\viassary-hp.reg
2006-12-10 01:36 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-06-10 16:54 154 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2006-06-02 21:09 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-08 180269]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-03-19 299008]
PowerReg Scheduler.exe [2006-05-09 189952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-02-06 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-08 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"66778282"= 34324235334643412d373030342d344442312d414243352d464342334134443834343345
"66778271"= [hex data omitted]
"aux1"= c_778251.nls
"wave2"= c_778251.nls
"mixer2"= c_778251.nls
"midi1"= c_778251.nls
"aux2"= c_778251.nls
"wave1"= c_778251.nls
"mixer1"= c_778251.nls
"midi2"= c_778251.nls
"66778301"= [hex data omitted]
4
63179b73190f6141842c5f112af737d11602be2f03525711c2eed219963fd4a8e817f340af81ed3f
e
fa353c77ebcc21cd14bda397c8ed580e8948ef5e20bf21f979f3bd3cf4194125421704d652fe32a3
c
b0d672de297ef3732c60197a209bbc240aee697ca3aee280c1a764a937d76a7116b59dddac7693e2
c
70d2a4d72e1a7b68c6db31f78b8ca82213bd1a006e95d18e2395acf496ddcb272375b394e3b64580
8
d96b3b11f8efa5940d8b43bfe8f6c547cc78c79c9d5421e257529a3b48116197a498da2f0636caae
0
c9807ff28d694cafa2f5919d181186f648ae982d2a94b87379e942156de70cc1687398921ad98fb9
0
c63246e688913c09025771b5ec1ddcf7b984c833f83da9cb1cf5b03e9bf196b0e6eef86d84cd5be6
e
7da44581bec218a7e3a64f469c3288580d6817dc6b9dada5b50803045e52d4f65fa385d370d64006
a
5b65d80c27d36c8e889d270759ea27b09018e87193583449ba41207b217cf702bdcd1866aa2aac3b
b
25cfec2cff66ebd98764076c96f1dfd180acd4f563c2c4da26ee5d56dbcbd3f69ba24eb9e8a88879
4
5c091029f0d75d511d848a270ad3403ee2d20df54a61ac84c99a71c6dbe648bf545124f685b08322
7
61b5bd99e146bc8640c991d1d9e97800168959f47b7d4569556bf14eb42725130b61509f64fd221c
3
5cd41dc4a7f405be809fec430d38988d56afb642df963b6bc647568f769f2d1c40e9865dce75037c
5
9695a7caef2f745e5519c25dbee1ada2a6988a0655175ef5ff2ad186ff58fc915fcc56574ad13efe
e
ed01bfc64dc4d4794e4453a078351815c6276dc371394fe6137f4b9a7d79fc62779b9ecf8f0335c3
5
eda3fca713be487ac488f3789b4106fe976a9a49017bfd64811383ae388fd90133aaee9c3120f0e8
7
027ae006e03d2b452e26fbce69ae2cc382a58c9297885ebd6a5a894865c10d3c62b295a3038a1eba
c
4a6014317abaa4dace066632e53dba17409e973018b761347cb2c933fea2e132c6d2fe7351c9ac23
5
06c260a2909476aab8379ba858c7ede66ba0917937cdaa714f446ca0ff8394aadb7429a7353cc173
9
e7bec14e8c22ffeea5f7ae3906d628a9fe1576450e18850b58344eb1d7bd24455bd368ae7e15be45
9
50f971d6414b6ebb042712bebbb81a201991ef8c4482569248e7b5781f4d08fd46e0c767cee64d6d
9
2b918912fec268378ea1b55714f9a62193c51d7045d003e3985ad6ed9fc4ceaa60b6ea603fc1cb02
1
a9337cd03157e0e51edbedeb1ecae42ee339e9230362c8f6ed882391ddaf5a2ec3629accbd3ba1fd
e
d27dc993816cc764a50180f88b249159a85745fc39040914599775fb2841f682571e72d08163831d
6
70c864efbc1a4395d77134a82dd35ac01fd97315ff0e073ea8deb303bf073723bd8b02c75d17d5a6
0
3e4c85699a901d32d3d2e80d87a7883d4f4147559ba4ac24867a03eb8f4a745fbf08c2838364f144
4
e2d4edb76f689ac77d72d2d7bac3f71deabd3d82aa08319f5d328b83eb4c29c9aa1cb5f03a894688
6
863c9da58c58eb59066ea79c9f160328f29a14e5f36cc3bcb2caad13bce1d5b1132450b28045bbe0
f
cde291e433fb22a224978cc5aff97ed1436fd9d3804b10107bc38ae4e63306f1076ee3580ae43988
f
018cbdfefe7c2c1bba040f7a2aad4afe4c504f1f5a736934af94643faecc2de8bcefd544861c0fce
3
4578e44eafe02a82f8aff2b32216e9d0c5a68df928597a9a5ec2d848aa013f73d276012b8996d21a
5
09f807b4bbf80d2ac5ac543eddf2e91b230e8f45befe723499fe1f0836879e9e6e2a5113c887122e
5
9bd69ce55bcbcb8b836b75c27924cca7f6d8b4faf6eae4ea2cadb0be55ebd60a89bc35cfdc9420e7
2
e935fe93185f54b0ec47fb16c78f632bbbe231c4b3cbc57ae31b7dea8192041bd9ea8115362ea95d
d
9b325cb50ddda5c469fcabe298e794b50dece4e3bc6b6983c5ee9c2206c71f35f663cd78e6afc9f8
2
2fabc6f5bd752e95e0c62603773a33e8b29b69209fb2ce7adac9bcf312058fa8c800b3b4fe72081a
5
b3a093b368779db065d556b04855e89ddd7b41a2d1c90d2511a8380aaf92bf90c57a5ba218d1cc58
a
1c16f0c2eb4858485205f5e6fa996739b0ee3ceb7b2e21fda3a001387d97091b699dc59e5f8dcaf5
9
1e60405fb856956ff7a5911adcd02235627b920e58891a816ea07d3cf345a0ee1db9366b6747af6a
d
cdab5cceba8f73700a5a1cefc0f8dfcf5562a85f82901e08d49eb614f818476fd3b17285dfaa3bb7
e
76697928a686da50751708928568a2e96bf53eb00c7e5d652115f67c33f6db59b4d4e3e05ebbce12
3
739f3911fc6bf1c4515df5d2065ca2674cfba69186f3d7dbc4267afd4b0a189ef9f3585212083c25
4
61a0f978633ac43950c85799886ed85ee57b0562feef5c1675cb731ee42254545fdac12dc7bbf916
a
d712d6edcc0c061cdaafb599c2f62a96b430124dc555b2acb6422a55d6ec57dd5e9d62b994c8a9bc
4
54f169ddf6d8fd98edd8e6b5ec1554f8c2ab9538fded1c64704c8d513ba6ffd25c9eee47b4a28d39
3
1a245c95871b2a46ff47684875ec4a80e3d78c82d14b7867adf2f969b96b8df8ad87ee58870cd851
3
13df7eb268c61489b6f567efbc540bc1006a7171f8ef58b165c4929b27efe58d9efabb8c3a1432ea
1
5a92487a55909420e9a10bdcbbab44cfd7e10bb8f07217d67e604c776faa7e6a41ee9bb04b204958
e
5ed3ef806e3e216489e963a282006655bffbb60bb3a86f25d8e41eda7e6cd709373dc008c398d78d
b
d2b661d38db9529a899825dc754b21ee4e846a678bd998824c1a6499ee3215b85fc50eeb6994716e
1
1883bba04da09a6a80d13aa984b8a02ecd625f2ce2e01526d42d2900551e3ed011410c2c1b28a676
4
8a978934bb1a6501e5f83a28ae59dbc2f0a3c73b007c227277a4c222f0560da5770a5fc7a840ae62
3
1cf6f988b949ba02c7689790e5496490b867b914b9ed51f486888ceb70617658e1790be2ffb5e322
f
ae56afed42e390a01ebd3ac7ee5635bc186096b4f86291e945f94f777c1193b1d6adc8e43850c73a
9
e936b62e009427fb293dca75d117a102915df3f32f729791b2403f88d713773d34e0aa1b48f01e89
c
540d8139d1bcba15aa64dde21afbadf5c310a1b081ac73c3d5e5299f47de23cc801b31a5a420ad47
a
78beffb40ab23e91881b2316d3f42efa2d38dae09636dc4df6744d6e9de5fc19ad86c3fc02827d82
7
4f80aff92506b8f38c2ceeb20d4e5ed70455d3111c50e6eea814bd57faa440fcfd2c4f1c4be31bde
8
a3dae1ccd9d9ae0966dfca2dd6522cf73784d40025a84f519b5a6c23a100b71f719ba49c0f9465c6
5
07428c4b9cec5c950ecde08e5e024ddb2bade31f38796f63f8b800cffd1edf7d14b1338d299bbb9e
3
ce9cb6fecf31b6df5c95d1479ff6afb5a0ce0a722bc08db39617eac609fcf67c61b5b6954c86f6b5
9
f6e0d99cd77e53b1c243fd798c37b1ee1560ff07910ca0fd4c47f0a7842b6f1b426d4492728c8247
7
7a0195652829046bd498bcab2d57fc3e3941a93f742d88c33f988da7907c1814250ebd4f682f7794
1
6b0413c9f4ea9b26e3f7a7cacea6f1df250a1547a27ed6a5ad25096b8ceb61c04085a49db7c0946b
d
07b23983b90df258b072cba6099769ec3a3d3f9767a86fa28b2315696459ab39f10753885f2fa8a3
5
9290367ed52aa4bebb51dd58b56b1971c14f49532591ff47fc0922076f5877db3ed51367ad51bc24
8
8f8047b951b3252fbd475af0f01cd541eba97f7fb8479d245b797735984d07bb5bcb41471b37cd69
8
a8668ea192ca52b0f570bda03e3b52b04860f289fe98114b4fab842a55fb3eee1c41e0b57642fc93
d
da351ebb9f249ccbb1a684437782cd65c414b0b7063004abd7a48c25eb2f4b0c952adc906fd7d54c
b
32846c26c19307ccfee97ac14bfcead3a5ec66e2f6a1e2e2ddaac57ae9e4f9f42f4bc25d3ad292aa
9
d1f75b17618c737e2917b25aacbedca9122b28385c7e85df77bb2dec6ba469ae7145686b21e3e50a
4
c438d8b57ac3d9b98824870f2381b83c1b9e29470bb8629af451ec5381aabd442ed7ebac69c5d0d6
f
603fbb94ca6c981cfc4feadc0e63f82d57e86d3b55188e3a41be898c0d7348da6dd4ea4749fb949e
c
3e63f6ca52c0ab045c8763c7b3698e89b6922403aab242a069fd3acc41150b49a223095e166fcf95
0
9516cc550b9a32e579dd58f467e52306f868ddbfe1998eb38ded06d050d289cd8009aebb65c94849
a
a55f52d35bfd3016af6c1577d4ab8a1c38ed9068ef0521d74f55c6d434e050a9de4a3f88925f3775
1
11c8cba1f2321e04dd3b971496411fcf4307d25af6020ac0ce5af87e4789b22c8b2f965f279186aa
6
9421d6718bbab95c5fbb1636e6f90a944f8870fc1aa5fbf504c964d20a34252fb54b5dab7f3674aa
3
59f561ac59a8a74a391bd6300ef2246f366ea67633ca2a8bb25261a3e40a50733eb12aa24681d202
e
c64520bda8f2c30a346ce9dfe3f38cc893a3b5b310e74d8e0fdbc1040f126f4d288c7f0b9880822b
1
398809e3dcf8d75be6a7a394eb179ad4db3d27f2a1576557b718abad0fe33e7d50b7c34b1accd866
c
7fbe312f2c652900dcd3261ebb243ef92542f4f4ef4a2b3f48622322a5ae05f301014153a150383c
5
866468974eba6398fa7a38b3853d9afa0216eecc522dc9dfd533f97e70c05d168f6491ef5a8f77be
a
8221ce7c436f57c8f5c65291cca41a8a8aba3defa424fc5eaa85cc4e1a805cd45f5d36a08a9f8a51
9
7624dd2ec7a97cf325cffe04301e8fe2c8c1d2fab6e7f438d0bbd103a095123753321c8b3e0220bb
8
91a2015a30d3e3ad92f051bcbab415c6df1a81da071899ced4dc4ab5ad7ace57d47953cc0f395845
f
3cde8afd4438decfa741c78fa87cb250be6a4a537d44445a67ea858f592728c554d446a0c907ab40
e
025a4b527ebc8bae15e999e49f13fffb4ceb00fa5076f89a9f05109886764e27bb868514434a5cba
e
37f91ac7d7758876b0e309300da6bfe8f6e17fde0f76b1fb632aa4d673f70c90fd6aa0db7f66a7ba
7
8a324ab008c9f1351494ada25644521752f885196f2aa87cb5c4e73bdde6390310d78e7cb91cf157
2
f5282229799313802fd4c8fb1d3667f53098d0a2b7420fbdf175085d27898116ced75193f74a80fd
1
cba11d5e2a506bdc7a8a0478e90826dabc6cd2137c989ff894fb2edc6b8d9b0cd370bc790a0656e5
5
243d209a8b1
"66778281"= 8f76b6d390f9e05f8db4308f96b7e35fc9dab17804e10ac3447d8a1572ec40d3fb2b2d1efac7be45
b1f89c6a6442f855641299b6b7f3d2951a3fe9e83ed9948779927d20124899ef7623a3c7882f10cc
3
dc48324107307ae757da76b57ae4c4c76b162092a22aa46c1a444df6ad435560a764510aecfa4bbd
1
f9be6feffe99c7524cb8f63d341226abc802285a84d0c6145b438ca85c85808d5223b53fedba4c67
a
d38e47b3f0a1487f381b5c297418bc578f06990db637e6eb75fe29fa8b2d01b309cf013d2f8d6932
f
5b5cc2d8fc8cb32eef2201d625689d0ab697d43e3a09d6f3af737d53536d9dc06a6427c9f42cd315
e
9adcd7f4c88e75456f528026c1c414af066801e8afd2bc7e2cdc5e4d53ff470e8b8b01800a4dc387
9
197c52ded2a2f10785c7f75789e1af8b463c31f3349c9323cba5f612065cdfcb205bc891c14624e6
9
38ae5ee8c7fbd3de7177cb35c8f5e3335af3fbf18b925aadff0172e49219f41ba69f311ece45be5e
9
b5733d05b9ca5b6aa913201fca37dcc7004961644f3a91cacdf004a538b211f9a286aa224b93edc8
2
dfdd3c9165209ef0de4c780c9aa573698557b6e3629ca655de4cc9082ccf86a7704c26fb20751e62
9
789c023f82d279346ff771a05157ba8bb851bdb67c66cc07e6b4bb2e69e122179eb2ef4f23ffff71
8
f91f2eb418cc9c9b0210cd45b294d7732bb7302faec9309a5c5bb5f2df8b580caa90300c7800171f
6
9d530356e48389c0751ad74fd3ac4556914db1f8f2165591b07c772fcc7a1406fd1053749ee7becb
9
e5b68851a5fe8ec1dcafda83f8c8ec7e87d36aea883d876e0bf2af7ceaf5144f1ba5c4c528ef28bb
3
7fa2c6915292c1a890c9c22b4d6d2d076135fbaafeb99d62d1f3a3a155e47e47f98e2e7e7a206832
c
e558ab9aadb3c29547710b46a4b8f58c60381ef2a6bcfe91d4419b02fe1e6e4afa9d6743821364b5
b
7773c5f3f9ed7d1ea0bb04eda201c302a63b9c8958f62d6d818bf38f6cc7aeea5af6e51db55a00bd
3
802e30900e5f7f8ecd8965aff8d7dd29e7314d06ccfd154df7654868877b007e6eb4cdf2f3183aba
3
210be8505726b87f637fcd2077e5fa11b65fd6619c632712e29de9021bef07bcdc63b636b04e5c0e
e
5abf4671b01bb2c25552f91e54a16ae5e2fc18da1b0af24f1884b5aeab441ca5a56672ddc8e1c7fa
a
dcdfe68aed172897b0130bcef0b729f0904dd8247385e099c1a4a4909d36c08f192590456321a574
c
e997a6209733cc34ac7df4474b3cf2512754f8e1606f5f38c7a21a27d4374c09e90bac70f9a0f898
4
a5016e0ff3bae39d69d300796055e00518028b3e67fc84d7b747cc239c111ec832669bb2d8815225
e
a7151840d55db4c30120df3bad03e4e3b3fdc1b27ed74fed8e6b4e6ae3c7a107dbd303b1b72190f5
4
9c4a8f64bc98620e99e2a2c00a24a9ae70829421231c2b8e0350cc56e96689c305521ac28778834f
1
7d73b5d9c7de6a9041f493581fda77d4e78cf16e6f6cf4fbff66ce518c9d90a2ecdcecd45b93f1a5
d
ed36e7a89c47504414c9d5027060656ab2ef30c789971cbc87f30d44eec9f2958cd2bea36fcf18b9
f
1fb751f4b1af58e96e78d6b45fd552543a2b3751cd74dbc57d1b7d9484535cdd0860b15f7759780d
f
f9c82548b8db8e306583e323373b5fd4f6f86e317468d2a77793e8765ccb09e9d55ebea8cd3a2bfc
7
47dd5d93398cf23c3981185b8233dac273ead842069a595002e3009f6c59f05297c6bdb6d67a71e1
b
c2a152a9db0a942abe57206b742678b74c8d10f6954943a202ce224294716fb69dbf3aeafbb8d21d
1
b156b0c6588de1eb8ac02c83d3aea6a837dada1a6e0402b17426c7781ec6c6aa48eac8910cf06b38
9
f852e001d6b9549d5f3b7f41297271eb3c7d02b23e18297a04cc7f0d3b94930fa4c7e2d00ad9e57f
e
13c484e4de640dda9ae9ae79cdf2c2630091673b7d4e4b704916aaa658f2e8c1f28e98423e9783d8
f
31b4951c412c9306176d3f6122f9de3b15b36ce7b7d7bbffac977a74a416fafce87c899b03958e75
8
2101b172cad6d0a5288eb077c3aed2516a3e49d231ebeeacc06433e768bd379bcba98500702ffe08
f
3104e69df811341647b52dfa8afcd805da537bec15d6a98f59b5ac87d52b666609a8abd8f8eb1ff2
c
1c85734f2cedcb44b4e00e01705f90ee96296bbb2008350b207489b74d6c6fd818f45eb4251b77ef
c
19a31efd19f0b9f053bdb360d635c77e1c2b293cbba8709b6e3342906b1cd192e90f8df33c473657
3
658b0850cae87825b3b1c54893769cc8b33414277c713f5f6b16e572635b47eaad3c51f548b06226
3
fade21806d34d784b6915be89b2206c6ec351f40da2cc28df1c1b55f038075a7d58b9c5959e02e0f
b
0871e9b260ee22cfe6fa3b4b814146ab3d8593fd7c8341d7671b8d188aaa277d020882ef55e3e822
7
929150d633e0bb3c190d2b956541d6be34033e1ed982c2018e91f4f917e31785253eab13213b024a
2
287d81dff65b77996d04cabc2e5d67d8c40752861b9155e5b8561cf25371977159e2d7ca5e81148c
4
8cd83dc85678acb607186f51f93d6ff8adbb4561135a43b820da35c8de1b045c62eb329ebcb8df6c
c
3f8d3eb4d457dcebba3cb0722db1caaa5620a4c134b63ca863c63470a3cc02dea8f1d98380fbcd2c
b
d92f0aecaa2ad52c1bcb47e000adfe3d70cdc955715fd5c0906110b04bb91cd418b332dc270c9570
2
d77cc5ca80bfb942a16cb53fffd10229ae7aab8a10bc7aa012b0908d8d88937ca92b22823e54be1d
c
02707b558dd8536df21b969738ffe5fb218e6ffd910f4624671c16b99a14e9d547351ffe3b43a18e
6
11b52d1f7722df7fb976e4fd7406159e48516d39eea34f425b25bd36d263b7c2626907cdbf1c3ae9
d
74f223427e614a7a077fbb55ff00d836f0edc480f55747170d02ead53f98f84b43476ce68eb17c4a
8
8a0df88277ad16f7901475fddd958c2e91ef1e9e32bb424c107934d0b1be3d77b74befc3f698c75b
7
c6dbc088dfd91d56eefec743ba261ec5f5ebd443d351cf103e48ff0b49fac38dd39adec63b646eb5
c
f539db6c30853ebe5f61a3b776eb51552649fe8b549ede63e0b6b7b7afbbe816fe637a4a0d677cc2
4
6cadd99183e8ac933a800469bf78ab9e79660ae9a5bc47a0bae7b76b1a69e9cbd118706dbf5a5332
a
a7ffa6ae1270fd6cc5f49d72340ede234de95c5e8bd8dfa962f5efc2011e45a1b9ee6bf44ec43851
a
ea8225c22d1d12bb71198bf9517760be9b5bdba8fb130ba4ce7cbe0fde45d8a046714504e5191058
7
8459ce198ce2c387c5aa3060115fc46bd1dd7fc0b9f3ad60409f78399503dfb4d1bb583c44db80c8
0
7d5a94ba22cf9053e9e7279d2f15ce26241bddd30d163e1d68073cd18806addf99b9a85179785d2d
c
23d9b0b0cf5fa9c5a7e666a401a901d3fd868e62bb8d39d7ad5c47ec977a783ca5269c1597f7d478
2
f6c6c5d1086575dbc3a57f7fbccbf48b42218cced1ff1f6e683846145e4a22fb94dd71ed5c3048ce
6
6342cde441ba1e504b82658cd5e91af9b6eceb988d8d7ed5f42cdd23712634a26c2556c4552401db
1
95111dd2da3f82053d101ef7b78cec70a10f1272d89ebe02c890d7acf66ed7bff890cbafbe1a03fe
8
d527c1d8b7e6287437f40d3d2da5d074d11e65969ed2b4131e42e5f86f2ee7b8ad1506bd71240c96
c
bbbf1dd309fa23ab901cbd5a4a853531c061436e67632e4b22e5bebd6324a0c3c1837418b17d57db
5
410f211762de657258a51f8f3b89b6bc863df61d66acf5dcbf47f0c43de1df98aa44b8481afdce4f
8
5d122ea279acda86cd4ee8570005e660f7cdba9cda213b866b49a4b5b9cbda5f240f542f01354660
1
a8f08c1a2952f0415e75984140998c18b50535cbe8c8b65744d76e1e62ed12a7b0d08c94adb0ccda
e
545cd8d28e0befbc4bde89caeff008166e48efebcacbba48bb02fee56d979e5a7424652289acb7a6
9
1c5b4000b5969e7a32dbfbb718d08d5ca78b4dcceed9efa0840239c4df0f26c9a74563855845543a
4
cd228b185f09dd682dda83530b6e0550cccdb9c99838d16e7cf70e9c4d42716addc467266c56ca0b
d
2e16cdcb647a53f9909bfae24be6dafa0b7b38cc93fed954006c543c6d9a50aa3074f5a271f2e96a
2
1d91aeac134ad73286ff08426809835711ae68df511c81b4768d75d748812cf5a2752642c85991dd
8
1db306bcc79597f20e5f0a74235916edd4dcc45f89d40d86f8175fa007ea8810bc746b401d1018a7
2
ce5f514188ff

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-25 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 231704]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-07-25 80528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-14 24652]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]

2007-02-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 17:46]

2008-12-02 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe []

2008-12-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 20:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-hcsystray - c:\program files\Kuma Games\hcsystray\hc_tray.exe
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.rvschools.org/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZSzed029YYUS_ZZzer000
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 22:55:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c_778251.nls 122880 bytes executable


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-12-02 23:05:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 05:04:23

Pre-Run: 141,157,343,232 bytes free
Post-Run: 141,284,302,848 bytes free

231 --- E O F --- 2008-11-12 09:17:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:49 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13333 bytes


What's next??
1972vet
Please open a command prompt...click start-->run, then type CMD and press enter
Paste the following into the command prompt window:
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"


When completed, close the command prompt window and press enter.

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::
c:\windows\system32\riplpslggisbk.dll-uninst.exe


Folder::
c:\program files\Viewpoint\


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"66778282"=-
"66778271"=-
"66778301"=-
"66778281"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
justmike
Here you go 1972vet! Thanks!

ComboFix 08-12-01.03 - HP_Owner 2008-12-03 16:27:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.124 [GMT -6:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\riplpslggisbk.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint\
c:\program files\Viewpoint\\Common\ViewpointService.exe
c:\program files\Viewpoint\\Common\VistaBoot.sdll
c:\program files\Viewpoint\\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\\Viewpoint Manager\ViewMgrInstaller.exe
c:\program files\Viewpoint\\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\Cursors.dll
c:\windows\system32\riplpslggisbk.dll-uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 19:58 . 2008-12-01 19:58 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 16:54 . 2008-12-01 16:54 <DIR> d-------- c:\program files\Panda Security
2008-12-01 16:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-30 16:54 . 2008-11-30 16:54 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 16:53 . 2008-11-30 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-29 14:09 . 2008-11-30 16:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-29 14:09 . 2008-11-29 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\program files\iTunes
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 09:15 . 2008-11-29 09:16 <DIR> d-------- c:\program files\QuickTime
2008-11-28 21:24 . 2008-11-28 21:27 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-11 17:47 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:47 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 15:20 --------- d-----w c:\program files\iPod
2008-11-29 15:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 04:52 --------- d-----w c:\program files\Coupons
2008-11-29 04:06 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\yoclient
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\bang
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-11-23 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-20 22:57 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-20 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-16 00:35 --------- d-----w c:\program files\EA Games
2008-10-25 08:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 00:24 --------- d-----w c:\program files\Full Tilt Poker.Org
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-13 21:52 --------- d-----w c:\program files\Bonjour
2008-10-13 21:43 --------- d-----w c:\program files\Apple Software Update
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 22:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-28 22:50 4,984 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-20 12:32 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-20 12:32 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-20 12:32 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-20 12:32 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-20 12:32 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-20 12:32 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-06 13:11 3,645 ----a-w c:\windows\viassary-hp.reg
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-12-10 01:36 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-06-10 16:54 154 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2006-06-02 21:09 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-08 180269]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-03-19 299008]
PowerReg Scheduler.exe [2006-05-09 189952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-02-06 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-08 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= c_778251.nls
"wave2"= c_778251.nls
"mixer2"= c_778251.nls
"midi1"= c_778251.nls
"aux2"= c_778251.nls
"wave1"= c_778251.nls
"mixer1"= c_778251.nls
"midi2"= c_778251.nls
"66778282"= 36384536434543432d394343362d344236302d383435342d383738373741313039314243

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-25 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 231704]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-07-25 80528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" []
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]

2007-02-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 17:46]

2008-12-03 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe []

2008-12-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 20:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 16:32:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-12-03 16:36:27
ComboFix-quarantined-files.txt 2008-12-03 22:35:09
ComboFix2.txt 2008-12-03 05:05:52

Pre-Run: 141,361,659,904 bytes free
Post-Run: 141,354,500,096 bytes free

255 --- E O F --- 2008-11-12 09:17:00
1972vet
Update your QuickTime application...the version you have has been exploited.

...and once more should do it. Please open another blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}


Please advise how the system behaves now and if you are having any other issues. Thanks!
justmike
Here's the latest combofix log. So far the computer is working much better.
No more random popups, and running faster.




ComboFix 08-12-01.03 - HP_Owner 2008-12-04 15:46:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.181 [GMT -6:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- c:\program files\QuickTime
2008-12-01 19:58 . 2008-12-01 19:58 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 16:54 . 2008-12-01 16:54 <DIR> d-------- c:\program files\Panda Security
2008-12-01 16:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-30 16:54 . 2008-11-30 16:54 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 16:53 . 2008-11-30 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-29 14:09 . 2008-11-30 16:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-29 14:09 . 2008-11-29 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\program files\iTunes
2008-11-29 09:19 . 2008-11-29 09:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 21:24 . 2008-11-28 21:27 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-11 17:47 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:47 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:10 --------- d-----w c:\program files\MSN Messenger
2008-11-29 15:20 --------- d-----w c:\program files\iPod
2008-11-29 15:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 04:52 --------- d-----w c:\program files\Coupons
2008-11-29 04:06 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\yoclient
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\bang
2008-11-25 13:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-11-23 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-20 22:57 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-20 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-16 00:35 --------- d-----w c:\program files\EA Games
2008-10-25 08:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 00:24 --------- d-----w c:\program files\Full Tilt Poker.Org
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 21:52 --------- d-----w c:\program files\Bonjour
2008-10-13 21:43 --------- d-----w c:\program files\Apple Software Update
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 22:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-28 22:50 4,984 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-20 12:32 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-20 12:32 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-20 12:32 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-20 12:32 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-20 12:32 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-20 12:32 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-20 12:32 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-06 13:11 3,645 ----a-w c:\windows\viassary-hp.reg
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-12-10 01:36 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-06-10 16:54 154 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2006-06-02 21:09 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-08 180269]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-03-19 299008]
PowerReg Scheduler.exe [2006-05-09 189952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-02-06 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-08 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= c_778251.nls
"wave2"= c_778251.nls
"mixer2"= c_778251.nls
"midi1"= c_778251.nls
"aux2"= c_778251.nls
"wave1"= c_778251.nls
"mixer1"= c_778251.nls
"midi2"= c_778251.nls
"66778282"= 34324235334643412d373030342d344442312d414243352d464342334134443834343345
"66778271"= 8cba10ef9961d8d372e00723e707b64f2240ef96064e35f1b11824214d5ea16315a8dc1cc50f01f4
"66778301"= b092cb132d697d8fb619d8dc1b6c471d959d6222d7785275ee3002e5d9c4cb04c51ed64a8590b0d7
"66778281"= 8f76b6d390f9e05f8db4308f96b7e35fc9dab17804e10ac3447d8a1572ec40d3fb2b2d1efac7be45

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-25 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 231704]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-07-25 80528]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" []
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]

2007-02-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 17:46]

2008-12-04 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe []

2008-12-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 20:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 15:53:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c_778251.nls 122880 bytes executable


**************************************************************************
.
Completion time: 2008-12-04 15:57:18
ComboFix-quarantined-files.txt 2008-12-04 21:55:59
ComboFix2.txt 2008-12-03 22:36:30
ComboFix3.txt 2008-12-03 05:05:52

Pre-Run: 141,122,064,384 bytes free
Post-Run: 141,139,742,720 bytes free

197 --- E O F --- 2008-11-12 09:17:00
1972vet
May we see a fresh HijackThis now please?
justmike
QUOTE (1972vet @ Dec 4 2008, 06:34 PM)
May we see a fresh HijackThis now please?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:28 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 13063 bytes
1972vet
Copy and paste the following into a blank NotePad:

sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"


Click File-->Save as and name the file delservice.bat

Under "Save as type" Select "all files" and save it to your Desktop.

Double-click the delservice.bat file on your Desktop. When the batch completes, delete the .bat file and Reboot the system.

This entry in your hijackthis log:
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
...is related to KeyCrypt Encryption Manager Service from INCA Internet Co. However, the service should be running from the following location:
C:\Windows\System32
...but is instead running from:
C:\Nexon\Mabinogi\npkcmsvc.exe

This implies to me that it failed to install properly and THAT fact may relate to your other on board antivirus application.
I'm not entirely convinced that you should even have this program installed alongside the AVG8 software but since you do, please upload that file for a free scan Here. Make note of the findings and post them back here on your next reply.

While your Spybot Tea Timer is still disabled, please run HijackThis again and check the box next to these entries:
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)



Close all windows, then click the Fix Checked button. Reboot the system and post back a fresh HijackThis log. Thanks!
justmike
I did the delservice.bat file per your instructions.

The first scan {VirScan} that I completed for that Mabinogi game showed no malware.

** This Mabinogi is a game that my daughter plays, but it wouldn't run on this computer. I thought we uninstalled it (well we did from the control panel -> Add/remove programs), but obviously it didn't completely uninstall. I don't see it in the Start->Programs or Add/remove programs. Can it be completely removed from my computer so it doesn't cause any more problems?
My daughter does play this game on her laptop, could it cause problems on that computer? She also has AVG8 but the game runs fine. I think it may be installed the same way, but I'm not sure. She probably just accepted the installation however the game automatically did it.

Fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:29 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

--
End of file - 12057 bytes
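Added example (not part of the thread, and not code from HijackThis or Malwarebytes): a Python check that a "Fix Checked" step took effect, done by comparing the log taken before the fix with the fresh one. The function names are hypothetical, and the two logs are abridged from the entries posted above.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O23 - Service: ...".
# Running-process lines ("C:\WINDOWS\...") do not match this shape.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_line(line):
    """Split one entry line into (section, body); reject anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError("not a HijackThis entry: %r" % line)
    return m.group("section"), m.group("body").strip()


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a whole log."""
    entries = set()
    for line in log_text.splitlines():
        try:
            entries.add(parse_line(line))
        except ValueError:
            continue  # header, process list, blank line, footer
    return entries


def check_fix(before_text, after_text, targeted_lines):
    """Compare two logs against the entries that were checked for fixing."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    targeted = {parse_line(t) for t in targeted_lines}
    return {
        # checked entries that were present and are now gone
        "fixed": sorted(t for t in targeted if t in before and t not in after),
        # checked entries that survived the fix and the reboot
        "still_present": sorted(t for t in targeted if t in after),
        # checked entries that were never in the first log (copy/paste slip)
        "not_in_before": sorted(t for t in targeted if t not in before),
        # entries that disappeared although nobody checked them
        "other_removed": sorted(before - after - targeted),
        # entries that appeared between the two scans
        "newly_added": sorted(after - before),
        # leftovers whose target file no longer exists
        "file_missing": sorted(e for e in after if e[1].endswith("(file missing)")),
    }


# Abridged from the log saved at 6:38:28 PM on 12/4/2008.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Nexon\Mabinogi\npkcmsvc.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Abridged from the log saved at 10:29:29 PM on 12/4/2008.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Nexon\Mabinogi\npkcmsvc.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
"""

# The five entries the helper asked to have checked before "Fix Checked".
TARGETED = [
    r"O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)",
    r"O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZZzer000",
    r"O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe",
    r"O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe",
    r"O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)",
]

if __name__ == "__main__":
    for bucket, items in check_fix(BEFORE, AFTER, TARGETED).items():
        print("%s: %d" % (bucket, len(items)))
        for section, body in items:
            print("  %s - %s" % (section, body))
```

On these excerpts all five checked entries report as fixed, and the Spybot-S&D BHO lands under other_removed because it is absent from the fresh log without having been checked.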
1972vet
If the game runs fine on her laptop then I wouldn't be concerned. Since it doesn't play on this machine, just run hjt again and check/fix this entry:
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

Don't forget to close all windows before clicking Fix Checked...then reboot to properly record the changes made to the hard disk.

Post back a fresh hijackthis log and advise how the system is behaving for you now and if you are having any other issues. Thanks!
justmike
Here's the latest HJT log. The PC seems to be running much better now. No more random popups or someone in the background telling me I won a free Nintendo Wii system! Is it time to reinstall Java and Acrobat yet? Do you think my PC might be clean now?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:40 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rvschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161876157234
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 11907 bytes
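One way to confirm that the O23 entry picked out for fixing is gone from the fresh log, and that nothing new appeared, is to diff the entry lines of the two HijackThis logs. This is an added example, not part of the original thread; the function names are hypothetical and the sample logs are short excerpts constructed from lines posted above.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map (section, case-folded detail) -> original line for every entry.

    Header lines and the "Running processes" paths do not match ENTRY_RE
    and are skipped. Details are case-folded because Windows paths are
    case-insensitive and the same file can be logged with different casing.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), m.group(2).casefold())] = line
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lines between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added

def is_fixed(fresh_log, entry_line):
    """True when the entry that was checked and fixed is absent from the fresh log."""
    m = ENTRY_RE.match(entry_line.strip())
    if m is None:
        raise ValueError("not a HijackThis entry line")
    return (m.group(1), m.group(2).casefold()) not in parse_entries(fresh_log)

# Constructed excerpts built from lines in this thread (not the full logs).
BEFORE = r"""
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
"""
AFTER = r"""
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
"""
FIXED = r"O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe"

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("fixed entry gone:", is_fixed(AFTER, FIXED))
```

An empty "added" list matters as much as the removed entry: a new startup item or service between two scans is what a reviewer would look at first.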
1972vet
I finally see a clean log...congratulations! Download the latest Acrobat reader Here and download the latest Java Here. Scroll down to the first download link, "Java SE Runtime Environment (JRE) 6 Update 11" and click the "Download" button to the right. Select the platform for "Windows".
  • Check the box that says: "I agree to the Java SE Runtime Environment # License Agreement", then click Continue...The page will refresh

Then, click on the link to download Windows Offline Installation. Save it to your desktop.
Now, from your desktop, double-click on the executable to install the newest version.

Now, please click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /u

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically. Now you can re-enable Tea Timer.

To assist in the prevention of spyware infections:

Immunize your browser by installing Spywareblaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.


Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:
Kerio Personal Firewall
Zone Alarm
Outpost Free
Comodo

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the program's findings.
***Note***
The licensed version provides real time protection and other automatic features otherwise not available.


Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page).

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?
Regards, and Happy Surfing!
1972vet
This issue appears resolved and the thread is closed to prevent others from posting here.
Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.