W32.Allim.B Could Use some assistance
I am attempting to help a friend fix a computer infected with W32.Allim.B. I was pointed to this worm being the culprit and the exact file. I understand there are other fixes needed, as this log shows. I'm dealing with a partially impatient friend of the net with little computer knowledge. Also there is an O20 Wiki.DLL; if ANYONE knows what this is I'd love some insight. Anyone dealt with this exact worm that could give some precise dir that would be nice. I know I need to replace the hosts file; it's been suggested after that to do a reboot disconnected from the network and run a virus scan also.
HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 9:28:08 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\rundll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\BM\Local Settings\Temp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turnerclassicmovies.com/index.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad- Watch.exe"
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\BARBIE~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe
Filelist
Root
Volume in drive C has no label.
Volume Serial Number is 94F7-A8A6
Directory of C:\
08/24/2006 09:26 PM 43 filelist.txt
08/24/2006 07:08 PM 534,827,008 hiberfil.sys
08/24/2006 07:08 PM 805,306,368 pagefile.sys
08/24/2006 06:53 PM 211 BOOT.INI
08/24/2006 04:59 PM 12,288,592 AVG7QT.DAT
08/23/2006 10:30 PM 141,534 hpfr5100.log
10/31/2005 10:56 AM 700,416 StubInstaller.exe
07/06/2005 09:17 PM 50 AUTOEXEC.BAT
09/28/2004 03:21 PM 47,564 NTDETECT.COM
09/28/2004 03:21 PM 250,032 NTLDR
07/20/2004 11:06 AM 87 SystemInfo.ini
07/20/2004 11:06 AM 855 IPH.PH
07/20/2004 10:43 AM 6,065 DELL.SDR
09/03/2002 08:59 AM 0 CONFIG.SYS
09/03/2002 08:59 AM 0 IO.SYS
09/03/2002 08:59 AM 0 MSDOS.SYS
09/03/2002 08:38 AM 512 BOOTSECT.DOS
17 File(s) 1,353,569,337 bytes
0 Dir(s) 38,902,157,312 bytes free
System
Volume in drive C has no label.
Volume Serial Number is 94F7-A8A6
Directory of C:\WINDOWS\system32
08/24/2006 07:09 PM 1,170 WPA.DBL
08/24/2006 07:09 PM 16,896 TFTP.EXE
08/24/2006 07:09 PM 42,496 ftp.exe
08/24/2006 04:54 PM 499,712 msvcp71.dll
08/24/2006 03:43 PM 8,428 jupdate-1.5.0_08-b03.log
08/09/2006 02:03 PM 8,325,544 MRT.exe
08/06/2006 07:25 PM 308 results.txt
07/28/2006 06:30 AM 3,058,176 mshtml.dll
07/27/2006 08:24 AM 679,424 inetcomm.dll
07/26/2006 10:34 AM 230 spupdsvc.inf
07/26/2006 03:03 AM 127,078 javaws.exe
07/26/2006 03:03 AM 49,265 jpicpl32.cpl
07/26/2006 01:26 AM 53,346 javaw.exe
07/26/2006 01:25 AM 49,248 java.exe
07/25/2006 03:42 PM 615,424 urlmon.dll
07/21/2006 03:24 AM 72,704 hlink.dll
Re: AIM IM Hijacking
Here's the rest of the filelist she missed
Windows
Volume in drive C has no label.
Volume Serial Number is 94F7-A8A6
Directory of C:\WINDOWS
08/24/2006 09:08 PM 665,084 setupapi.log
08/24/2006 07:09 PM 0 0.LOG
08/24/2006 07:09 PM 3,880 ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
08/24/2006 07:09 PM 1,998,616 WindowsUpdate.log
08/24/2006 07:09 PM 159 WIADEBUG.LOG
08/24/2006 07:09 PM 49 WIASERVC.LOG
08/24/2006 07:09 PM 2,048 BOOTSTAT.DAT
08/24/2006 07:08 PM 32,618 SchedLgU.Txt
08/24/2006 06:53 PM 619 WIN.INI
08/24/2006 06:53 PM 227 SYSTEM.INI
08/24/2006 04:29 PM 21,250 KB921883.log
08/24/2006 02:11 PM 1,161,216 rundll.exe
08/21/2006 10:21 PM 1,409 QTFont.for
08/21/2006 10:21 PM 54,156 QTFont.qfn
08/17/2006 01:30 AM 1,374 imsins.log
08/17/2006 01:30 AM 34,022 OCMSN.LOG
08/17/2006 01:30 AM 98,167 IIS6.LOG
08/17/2006 01:30 AM 133,713 ntdtcsetup.log
08/17/2006 01:30 AM 219,450 COMSETUP.LOG
08/17/2006 01:30 AM 249,107 TSOC.LOG
08/17/2006 01:30 AM 16,101 KB920214.log
08/17/2006 01:30 AM 326,303 OCGEN.LOG
08/17/2006 01:30 AM 32,126 MSGSOCM.LOG
08/17/2006 01:30 AM 642,594 FaxSetup.log
08/17/2006 01:30 AM 1,374 imsins.BAK
08/17/2006 01:30 AM 86,853 updspapi.log
08/17/2006 01:30 AM 15,655 KB922616.log
08/17/2006 01:29 AM 16,050 KB921398.log
08/17/2006 01:29 AM 19,311 KB918899.log
08/17/2006 01:29 AM 11,932 KB920670.log
08/17/2006 01:29 AM 12,094 KB917422.log
08/17/2006 01:29 AM 12,342 KB920683.log
08/03/2006 04:28 PM 2,301 mozver.dat
07/26/2006 10:36 AM 1,819 iereseticons.log
07/26/2006 10:35 AM 28,999 ie7beta3Uninst.log
07/26/2006 10:22 AM 36,757 spupdsvc.log
07/26/2006 10:21 AM 20,607 ie7beta3_main.log
07/26/2006 10:19 AM 51,247 KB922880.log
07/26/2006 10:19 AM 56,756 ie7beta3.log
07/26/2006 10:17 AM 8,975 KB915865.log
07/26/2006 10:16 AM 9,674 KB914440.log
07/26/2006 10:16 AM 13,757 KB904942.log
07/13/2006 12:09 AM 11,636 KB917159.log
07/13/2006 12:09 AM 12,358 KB914388.log
07/13/2006 12:09 AM 10,386 KB916595.log
06/28/2006 09:06 AM 19,713 WgaNotify.log
06/15/2006 03:21 PM 92,225 wmsetup.log
Directory of C:\WINDOWS\tasks
08/24/2006 07:09 PM 6 SA.DAT
08/29/2002 05:00 AM 65 DESKTOP.INI
2 File(s) 71 bytes
0 Dir(s) 38,902,034,432 bytes free
Temp
Volume in drive C has no label.
Volume Serial Number is 94F7-A8A6
Directory of C:\DOCUME~1\BARBIE~1\LOCALS~1\Temp
08/24/2006 09:24 PM 1,836 filelist-1.txt
08/24/2006 09:19 PM 1,836 filelist.txt
08/24/2006 09:11 PM 212,849 hijackthis.zip
08/24/2006 08:27 PM 163,381 avg7inst.log
08/24/2006 07:19 PM 179,737 jusched.log
08/24/2006 07:12 PM 4,096 ~DF572E.tmp
08/24/2006 06:52 PM 4,096 ~DF4CC.tmp
08/24/2006 05:53 PM 4,096 ~DF3BF8.tmp
08/24/2006 04:56 PM 707,340 IMT82.xml
08/24/2006 04:56 PM 426 IMT81.xml
08/24/2006 04:56 PM 1,994 IMT80.xml
08/24/2006 03:43 PM 80,290 java_install_reg.log
08/24/2006 03:42 PM 142,430 java_install.log
08/24/2006 03:41 PM 1,151 jinstall.cfg
08/24/2006 02:53 PM 4,096 ~DFB6A5.tmp
08/24/2006 01:24 PM 0 pph61.tmp
08/24/2006 06:29 AM 4,096 ~DF2FF0.tmp
08/23/2006 11:26 AM 0 y9765.tmp
08/23/2006 11:25 AM 0 y9d46.tmp
08/23/2006 11:25 AM 0 un540.tmp
08/23/2006 11:24 AM 0 sqk3B.tmp
08/23/2006 07:13 AM 4,096 ~DFA874.tmp
08/22/2006 02:16 PM 9,305 Microsoft Office 2003 Setup(0002).txt
08/22/2006 02:16 PM 260,844 Microsoft Office 2003 Setup(0002)_Task(0001).txt
08/22/2006 02:15 PM 1,463 Microsoft Office 2003 Setup(0001).txt
08/22/2006 06:23 AM 4,096 ~DF9CC.tmp
08/21/2006 07:17 AM 4,096 ~DF2A89.tmp
08/20/2006 10:01 AM 4,096 ~DF6199.tmp
08/19/2006 10:02 AM 4,096 ~DF1FAA.tmp
08/18/2006 08:21 AM 4,096 ~DFD846.tmp
08/17/2006 10:17 PM 21,176 everyoneshero.bmp
08/17/2006 10:17 PM 21,176 ptchocolate.bmp
08/17/2006 10:17 PM 21,176 walmart.bmp
08/17/2006 10:17 PM 21,176 kyocera.bmp
08/17/2006 10:17 PM 21,176 gatoradefierce.bmp
08/17/2006 06:13 PM 4,096 ~DF89B5.tmp
08/17/2006 02:42 PM 4,096 ~DF6529.tmp
08/17/2006 02:37 PM 533 pcfE.tmp
08/16/2006 07:00 PM 0 fla17C.tmp
08/16/2006 04:43 PM 793,172 tmp.xpi
08/16/2006 04:04 PM 0 oj5DD.tmp
08/16/2006 11:35 AM 4,096 ~DFA291.tmp
08/15/2006 08:50 PM 4,096 ~DFD8C8.tmp
08/15/2006 08:39 PM 942,712 regv1.exe
08/15/2006 08:28 PM 4,096 ~DFC325.tmp
08/15/2006 07:06 PM 4,096 ~DF16AD.tmp
08/15/2006 02:48 PM 4,096 ~DF3162.tmp
08/15/2006 02:19 PM 707,340 IMT2A.xml
08/15/2006 02:19 PM 426 IMT29.xml
08/15/2006 02:19 PM 1,994 IMT28.xml
08/15/2006 12:42 PM 4,096 ~DF55C1.tmp
08/15/2006 12:36 PM 4,096 ~DF8B54.tmp
08/15/2006 12:36 PM 533 pcf3E.tmp
08/15/2006 11:34 AM 4,096 ~DFDAE6.tmp
08/14/2006 04:13 PM 4,096 ~DF23CA.tmp
08/11/2006 01:53 PM 4,096 ~DFAC97.tmp
08/11/2006 11:29 AM 4,096 ~DFD957.tmp
08/10/2006 10:39 PM 4,096 ~DF7B6E.tmp
08/10/2006 12:13 PM 4,096 ~DF843.tmp
08/09/2006 08:31 PM 4,096 ~DF2DF3.tmp
08/07/2006 05:24 PM 4,096 ~DFDAF6.tmp
08/06/2006 07:33 PM 4,096 ~DF8D0D.tmp
08/06/2006 07:28 PM 533 pcfC.tmp
08/06/2006 07:26 PM 4,096 ~DF4DEF.tmp
08/06/2006 07:23 PM 533 pcfB.tmp
08/04/2006 05:52 PM 1,303 TWAIN.LOG
08/04/2006 05:52 PM 4 Twain001.Mtx
08/04/2006 05:52 PM 156 Twunk001.MTX
08/04/2006 08:29 AM 4,096 ~DFE069.tmp
08/03/2006 12:14 PM 4,096 ~DF10D8.tmp
08/02/2006 10:36 AM 4,096 ~DF711A.tmp
08/01/2006 10:05 AM 4,096 ~DFBAFC.tmp
07/31/2006 09:50 AM 4,096 ~DF48F4.tmp
07/30/2006 01:32 PM 4,096 ~DF5B19.tmp
07/29/2006 12:14 PM 4,096 ~DFD1A.tmp
07/28/2006 10:37 AM 4,096 ~DF31B8.tmp
07/27/2006 10:10 AM 4,096 ~DF35AE.tmp
07/26/2006 10:39 AM 4,096 ~DF5F90.tmp
07/26/2006 10:23 AM 4,096 ~DF645.tmp
07/26/2006 10:04 AM 4,096 ~DFCC17.tmp
07/26/2006 10:00 AM 4,096 ~DF6BDD.tmp
07/26/2006 10:00 AM 533 pcfA.tmp
07/26/2006 09:12 AM 4,096 ~DFE28D.tmp
07/25/2006 05:32 PM 4,096 ~DFC768.tmp
07/25/2006 10:52 AM 4,096 ~DF53C3.tmp
07/24/2006 11:05 AM 4,096 ~DFD9BC.tmp
07/23/2006 06:37 PM 4,096 ~DF9922.tmp