Infected with Trojan.Adclicker.HB & trojan generic 826214

This is a discussion on Infected with Trojan.Adclicker.HB & trojan generic 826214 within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 11-06-2008, 07:40 AM   #1
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Hi there:

Here's my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:07, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PC Apps 3\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/root/learnmore/...ue&lcode=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9083 bytes
KennyLegend is offline  
 
Old 11-08-2008, 08:47 PM   #2
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



bump
KennyLegend is offline  
Old 11-10-2008, 01:49 AM   #3
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Tried a bit of cleaning myself but still can't get rid of Adclicker.
Here's an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:56, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\PC Apps 3\Hijackthis\HijackThis.exe
KennyLegend is offline  
 
Old 11-10-2008, 05:49 AM   #4
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Oops... left out half the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:52, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\PC Apps 3\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/root/learnmore/...ue&lcode=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33107fe9-e799-49ce-a747-8d04d428adec} - C:\WINDOWS\system32\leborivo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s
O4 - HKLM\..\Run: [845f2c22] rundll32.exe "C:\WINDOWS\system32\kajopezi.dll",b
O4 - HKLM\..\Run: [CPM876c1fbe] Rundll32.exe "c:\windows\system32\lutirada.dll",a
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\dagitufa.dll c:\windows\system32\lutirada.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lutirada.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lutirada.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9868 bytes
KennyLegend is offline  
Old 11-11-2008, 01:58 AM   #5
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



bump
KennyLegend is offline  
Old 11-11-2008, 06:15 AM   #6
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello and welcome to TSF

Please follow the instructions outlined in our sticky entitled https://www.techsupportforum.com/secu...oval-help.html

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

If there is no response to this post within 72hrs, this thread will be closed.
TheBruce1 is offline  
Old 11-12-2008, 02:40 AM   #7
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Hi and thanks for the reply.

My problem is my AV keeps alerting me to Trojan.Adclicker.HB and trojan.Generic 827614 being blocked and moved to quarantine. My Internet Browser is re-directing me to other sites (mainly ads) and even when the internet is closed it can open and go to various sites of its own accord.

I have 2 problems with your "first steps" request.
1. DDS is hanging when the DOS screen opens and won't run.
2. I don't understand about attaching under the Management attachment buttons. Where are these located?

Here is the GMER report anyway:

GMER 1.0.14.14536 - https://www.gmer.net
Rootkit scan 2008-11-12 10:24:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9F8E818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9F8E7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9F82A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9F832A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8E910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB9F8E794]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xAB006B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xAB006C3A]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9F832C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9F8E866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9F8E0B0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xAB006AB0]

---- Kernel code sections - GMER 1.0.14 ----

? System32\Drivers\6b11c0b9.sys The system cannot find the file specified. !
? System32\Drivers\4e3c06de.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[7504] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00A42487 c:\windows\system32\hurikupu.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7504] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00A42A53 c:\windows\system32\hurikupu.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A079488

AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys

Device \FileSystem\Fastfat \FatCdrom 896F7FB0

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \Driver\Cdrom \Device\CdRom0 89FA8410
Device \FileSystem\Rdbss \Device\FsWrap 8996C030
Device \Driver\iastor \Device\Ide\iaStor0 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-2 8AA263C0
Device \Driver\Cdrom \Device\CdRom1 89FA8410
Device \FileSystem\Srv \Device\LanmanServer 89E37C40

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89927320
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89927320
Device \FileSystem\Npfs \Device\NamedPipe 899633D8
Device \FileSystem\Msfs \Device\Mailslot 89DFAC00
Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 89FAEC70
Device \Driver\d347prt \Device\Scsi\d347prt1 89FAEC70
Device \FileSystem\Fastfat \Fat 896F7FB0

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat trufos.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89E1B460
Device \FileSystem\Cdfs \Cdfs 89F0C1A8

---- Threads - GMER 1.0.14 ----

Thread 4:2092 AC18BAB0
Thread 4:2156 AC1D3AB0
Thread 4:4248 9FA4EAB0
Thread 4:4332 A3A8BAB0
Thread 4:5516 AC1A3AB0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected]34z0 0xC3 0xA5 0xFF 0xCC ...

---- EOF - GMER 1.0.14 ----
KennyLegend is offline  
Old 11-12-2008, 06:40 AM   #8
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Quote:
My problem is my AV keeps alerting me to Trojan.Adclicker.HB and trojan.Generic 827614 being blocked and moved to quarantine.
Does it give you more information than that? Does it inform you which files are infected? If so, please post those in your reply.

Quote:
1. DDS is hanging when the DOS screen opens and won't run.
Bitdefender may well be interfering with DDS. Please disconnect from the internet, disable Bitdefender and then run DDS. Remember to enable Bitdefender before re-connecting to the internet.

Download DDS again from the link below.

Link
TheBruce1 is offline  
Old 11-12-2008, 05:52 PM   #9
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Quote:
Originally Posted by TheBruce1 View Post
Does it give you more information than that? Does it inform you which files are infected? If so, please post those in your reply.
OK Bruce... I'm getting a few detections with "trojan.clicker.cm" with filename "popup[1].htm"... located at C:\Documents and settings\local settings\ temporary Internet files since I've returned from work. Internet Explorer has been opened and pop-ups everywhere.

Also... I've gotten trojan.adclicker.hb at same location and also at C:\documents and settings\local settings\temp

I have trojan.Adclicker and Trojan.generic at C:\Windows\system32.

I have Trojan.Rincux located at C:\Windows\temp.

I have AdwareAleert.exe .."Trojan.FakeAV" at C:\documents and settings\local settings\Temp\7zS75.tmp\AdwareAlert
KennyLegend is offline  
Old 11-13-2008, 01:53 AM   #10
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



I've tried DDS again and it still doesn't produce a log.

I disconnected from the internet, disabled Bitdefender and double clicked on the DDS application. The DOS screen opened and I got the "It doesnt do squat" screen where it tells me that it's only "required to run once". The cursor kept flashing but nothing happens after that. Does it run automatically?? I've tried this a few times.
KennyLegend is offline  
Old 11-13-2008, 04:41 AM   #11
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Delete DDS and follow instructions below.
  • Download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
TheBruce1 is offline  
Old 11-14-2008, 01:44 AM   #12
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



As requested:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ken & Caroline at 2008-11-14 09:41:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 37 GB (25%) free of 149 GB
Total RAM: 2046 MB (1% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:00, on 14/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ken & Caroline\Desktop\RSIT.exe
C:\PC Apps 3\Hijackthis\Ken & Caroline.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://us.mcafee.com/root/learnmore/...ue&lcode=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33107fe9-e799-49ce-a747-8d04d428adec} - C:\WINDOWS\system32\leborivo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\y0c2k2wj.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s
O4 - HKLM\..\Run: [845f2c22] rundll32.exe "C:\WINDOWS\system32\mogiwate.dll",b
O4 - HKLM\..\Run: [CPM876c1fbe] Rundll32.exe "c:\windows\system32\vomotuzi.dll",a
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\dagitufa.dll c:\windows\system32\vomotuzi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vomotuzi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vomotuzi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9958 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}]
C:\WINDOWS\system32\leborivo.dll [2008-08-07 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
solution Class - C:\WINDOWS\system32\y0c2k2wj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-15 368640]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-12-26 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"rizozoribo"=C:\WINDOWS\system32\yekugebe.dll [2008-08-07 60928]
"RegistryMechanic"= []
"845f2c22"=C:\WINDOWS\system32\mogiwate.dll [2008-11-12 86068]
"CPM876c1fbe"=c:\windows\system32\vomotuzi.dll [2008-11-13 92212]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Ken & Caroline\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\dagitufa.dll c:\windows\system32\vomotuzi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vomotuzi.dll [2008-11-13 92212]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vomotuzi.dll [2008-11-13 92212]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste
scecli
C:\WINDOWS\system32\dagitufa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-14 09:41:46 ----D---- C:\rsit
2008-11-14 04:22:19 ----SH---- C:\WINDOWS\system32\jumobiva.exe
2008-11-12 13:42:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Publish Providers
2008-11-12 13:42:08 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony
2008-11-12 13:37:34 ----A---- C:\WINDOWS\system32\w3a5i5uh.exe.a_a
2008-11-12 13:37:27 ----D---- C:\Program Files\Vstplugins
2008-11-12 13:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-12 13:37:11 ----D---- C:\Program Files\Sony
2008-11-12 13:31:48 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony Setup
2008-11-12 13:31:25 ----D---- C:\Program Files\Sony Setup
2008-11-12 10:17:59 ----SH---- C:\WINDOWS\system32\etawigom.ini
2008-11-12 10:11:25 ----A---- C:\WINDOWS\gmer.ini
2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer.dll
2008-11-12 10:11:21 ----A---- C:\WINDOWS\gmer.exe
2008-11-11 22:17:57 ----SH---- C:\WINDOWS\system32\esumajit.ini
2008-11-11 10:17:44 ----SH---- C:\WINDOWS\system32\asuzarot.ini
2008-11-10 22:29:25 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-11-10 22:29:21 ----D---- C:\Program Files\Registry Mechanic
2008-11-10 22:17:31 ----SH---- C:\WINDOWS\system32\oyozonav.ini
2008-11-10 10:17:16 ----SH---- C:\WINDOWS\system32\izepojak.ini
2008-11-09 22:17:06 ----SH---- C:\WINDOWS\system32\uwozedop.ini
2008-11-09 10:16:45 ----SH---- C:\WINDOWS\system32\uzigufan.ini
2008-11-08 22:16:16 ----SH---- C:\WINDOWS\system32\avituvut.ini
2008-11-08 10:16:03 ----SH---- C:\WINDOWS\system32\atilideg.ini
2008-11-07 22:15:45 ----SH---- C:\WINDOWS\system32\ayofugul.ini
2008-11-05 2233 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\AdwareAlert
2008-11-02 14:11:21 ----D---- C:\Program Files\CDex_150
2008-11-02 12:51:34 ----A---- C:\WINDOWS\system32\4iSOK8ua.exe.a_a
2008-11-02 12:51:33 ----A---- C:\WINDOWS\system32\4iSOK8ua.exe
2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\locator.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\localspl.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ftp.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\format.com
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cmd.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cacls.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autochk.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\smss.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\services.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\schannel.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\savedump.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samlib.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasman.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\printui.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\userinit.exe
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\untfs.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\ulib.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\hal.dll
2008-11-01 10:01:01 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET45F.tmp
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET45D.tmp
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET452.tmp
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET451.tmp
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET450.tmp
2008-10-31 23:21:02 ----A---- C:\WINDOWS\system32\SET13FE.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET436.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET434.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET433.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET42D.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET42C.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET42B.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET42A.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET426.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET424.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET423.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET421.tmp
2008-10-31 23:20:59 ----A---- C:\WINDOWS\system32\SET13FA.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET40A.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET407.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET404.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET3FB.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET3F9.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET3F5.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET13F5.tmp
2008-10-31 23:20:58 ----A---- C:\WINDOWS\system32\SET13F2.tmp
2008-10-31 23:20:57 ----A---- C:\WINDOWS\system32\SET3F2.tmp
2008-10-31 23:20:57 ----A---- C:\WINDOWS\system32\SET3F1.tmp
2008-10-31 2336 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-31 2336 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-31 2336 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-31 07:46:56 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-24 02:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 17:55:57 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg
2008-10-18 11:04:29 ----N---- C:\WINDOWS\system32\_003275_.tmp.dll
2008-10-18 11:04:29 ----N---- C:\WINDOWS\system32\_003274_.tmp.dll
2008-10-18 11:03:51 ----N---- C:\WINDOWS\system32\_003272_.tmp.dll
2008-10-18 11:03:51 ----N---- C:\WINDOWS\system32\_003267_.tmp.dll
2008-10-18 11:03:51 ----N---- C:\WINDOWS\system32\_003266_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003265_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003264_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003263_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003260_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003259_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003258_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003257_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003255_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003252_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003250_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003249_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003245_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003244_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003243_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003240_.tmp.dll
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003237_.tmp.dll
2008-10-18 11:03:49 ----N---- C:\WINDOWS\system32\_003236_.tmp.dll
2008-10-18 11:03:49 ----N---- C:\WINDOWS\system32\_003235_.tmp.dll
2008-10-18 11:03:49 ----N---- C:\WINDOWS\system32\_003228_.tmp.dll
2008-10-18 11:03:49 ----N---- C:\WINDOWS\system32\_003223_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003218_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003215_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003213_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003209_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003207_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003173_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003172_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003171_.tmp.dll
2008-10-18 11:03:48 ----N---- C:\WINDOWS\system32\_003165_.tmp.dll
2008-10-16 02:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-14 09:40:04 ----D---- C:\Program Files\Mozilla Firefox
2008-11-14 04:22:19 ----D---- C:\WINDOWS\system32
2008-11-14 00:00:05 ----A---- C:\WINDOWS\webshots.ini
2008-11-13 13:23:52 ----D---- C:\WINDOWS\Temp
2008-11-13 11:42:14 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-13 10:18:21 ----ASH---- C:\WINDOWS\system32\vomotuzi.dll
2008-11-12 23:02:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 22:18:04 ----ASH---- C:\WINDOWS\system32\porasusa.dll
2008-11-12 22:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-12 14:19:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Azureus
2008-11-12 14:19:26 ----D---- C:\Program Files\PeerGuardian2
2008-11-12 13:49:33 ----RSD---- C:\WINDOWS\assembly
2008-11-12 13:49:33 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-12 13:37:42 ----SHD---- C:\WINDOWS\Installer
2008-11-12 13:37:35 ----SD---- C:\WINDOWS\Tasks
2008-11-12 13:37:27 ----RD---- C:\Program Files
2008-11-12 13:36:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-12 13:35:12 ----D---- C:\WINDOWS\WinSxS
2008-11-12 13:34:56 ----HD---- C:\WINDOWS\inf
2008-11-12 13:34:51 ----D---- C:\Program Files\Internet Explorer
2008-11-12 11:55:17 ----D---- C:\PC Apps 3
2008-11-12 10:17:59 ----ASH---- C:\WINDOWS\system32\yorojopa.dll
2008-11-12 10:17:59 ----ASH---- C:\WINDOWS\system32\mogiwate.dll
2008-11-12 10:11:25 ----D---- C:\WINDOWS
2008-11-12 10:11:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-11 22:17:57 ----N---- C:\WINDOWS\system32\tijamuse.dll
2008-11-11 22:17:57 ----ASH---- C:\WINDOWS\system32\hurikupu.dll
2008-11-11 10:17:53 ----ASH---- C:\WINDOWS\system32\valokiga.dll
2008-11-11 10:17:44 ----N---- C:\WINDOWS\system32\torazusa.dll
2008-11-10 22:17:31 ----N---- C:\WINDOWS\system32\vanozoyo.dll
2008-11-10 22:17:31 ----ASH---- C:\WINDOWS\system32\noginaru.dll
2008-11-10 10:17:16 ----N---- C:\WINDOWS\system32\kajopezi.dll
2008-11-10 10:17:16 ----ASH---- C:\WINDOWS\system32\lutirada.dll
2008-11-09 22:17:06 ----N---- C:\WINDOWS\system32\podezowu.dll
2008-11-09 22:17:06 ----ASH---- C:\WINDOWS\system32\bosetiga.dll
2008-11-09 12:51:01 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-09 12:49:32 ----A---- C:\WINDOWS\bdagent.INI
2008-11-09 12:48:48 ----SHD---- C:\System Volume Information
2008-11-09 12:48:48 ----D---- C:\WINDOWS\system32\Restore
2008-11-09 10:16:42 ----N---- C:\WINDOWS\system32\nafugizu.dll
2008-11-09 10:16:42 ----ASH---- C:\WINDOWS\system32\yejimoya.dll
2008-11-08 22:16:16 ----N---- C:\WINDOWS\system32\tuvutiva.dll
2008-11-08 22:16:15 ----ASH---- C:\WINDOWS\system32\riyoyiga.dll
2008-11-08 10:16:03 ----ASH---- C:\WINDOWS\system32\vatutawi.dll
2008-11-07 22:15:43 ----ASH---- C:\WINDOWS\system32\pifotamo.dll
2008-11-07 16:50:12 ----D---- C:\dvd covers
2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 22:53:51 ----D---- C:\WINDOWS\AppPatch
2008-11-01 22:53:49 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 10:41:22 ----D---- C:\WINDOWS\system32\dllcache
2008-11-01 10:41:19 ----D---- C:\Program Files\Messenger
2008-11-01 10:41:16 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 10:41:14 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 10:41:13 ----D---- C:\WINDOWS\system32\npp
2008-11-01 10:41:06 ----D---- C:\WINDOWS\system32\Com
2008-11-01 10:40:12 ----D---- C:\WINDOWS\system
2008-11-01 10:40:11 ----D---- C:\WINDOWS\srchasst
2008-11-01 10:40:11 ----D---- C:\WINDOWS\PeerNet
2008-11-01 10:40:10 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 10:40:09 ----D---- C:\WINDOWS\msagent
2008-11-01 10:40:05 ----D---- C:\WINDOWS\ime
2008-11-01 10:40:05 ----D---- C:\WINDOWS\Help
2008-11-01 10:40:00 ----D---- C:\Program Files\Windows NT
2008-11-01 10:40:00 ----D---- C:\Program Files\Windows Media Player
2008-11-01 10:40:00 ----D---- C:\Program Files\Outlook Express
2008-11-01 10:39:59 ----D---- C:\Program Files\NetMeeting
2008-11-01 10:39:58 ----D---- C:\Program Files\Movie Maker
2008-11-01 10:39:54 ----D---- C:\Program Files\Common Files\System
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\scripting
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en-US
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en
2008-11-01 10:39:36 ----D---- C:\WINDOWS\system32\bits
2008-11-01 10:38:23 ----D---- C:\WINDOWS\l2schemas
2008-11-01 10:08:06 ----D---- C:\WINDOWS\security
2008-11-01 10:01:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 09:58:48 ----D---- C:\WINDOWS\EHome
2008-11-01 03:02:11 ----A---- C:\WINDOWS\win.ini
2008-11-01 03:01:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 03:00:33 ----D---- C:\Program Files\Microsoft Works
2008-10-31 07:33:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-30 03:01:05 ----A---- C:\WINDOWS\imsins.BAK
2008-10-27 10:43:49 ----D---- C:\WINDOWS\system32\config
2008-10-27 10:43:29 ----D---- C:\WINDOWS\Registration
2008-10-24 02:00:29 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-17 02:01:01 ----D---- C:\WINDOWS\ie7updates
2008-10-15 16:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-03 95360]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-01-30 917504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-07-02 1155072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-26 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-03-05 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-14 09:42:03

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Anark Client 1.0-->C:\Program Files\Anark\Client\AMInstal.exe -uninstall
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Azureus-->C:\Program Files\Azureus\Uninstall.exe
BitDefender Internet Security 2008-->MsiExec.exe /I{139412E5-09C2-463A-8B1C-26AEB8655BA7}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP4000-->C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Cucusoft iPod Movie/Video Converter 2.00-->"C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Diskeeper 2007 Pro Premier-->MsiExec.exe /X{6EEE934B-F292-4995-95BF-4AE871AC42E8}
Drive Manager-->"C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager-->MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Garmin Communicator Plugin-->MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\PC Apps 3\Hijackthis\HijackThis.exe" /uninstall
Holiday Snowflakes Screen Saver 1.2-->C:\WINDOWS\unins000.exe
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.17.1-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Lifeblog 2.1-->MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights-->MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia Nseries Skin for Microsoft Windows Media Player-->MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PeerGuardian v1.99 pr14-->"C:\Program Files\PeerGuardian pr14\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{97E038E1-41AD-4C93-BCDC-6A2394AEE352}
Webshots!-->C:\WINDOWS\WebshotsUninstall.exe
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Winter Fun Pack Screensavers-->MsiExec.exe /I{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.147 85.255.112.211
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.147 85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8089F5-387F-44AC-8F1E-295443C79793}: NameServer = 85.255.116.147,85.255.112.211
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

======Security center information======

AV: Bitdefender Antivirus
AV: (disabled) (outdated)
FW: Bitdefender Firewall
FW: (disabled)

-----------------EOF-----------------
KennyLegend is offline  
Old 11-14-2008, 05:40 AM   #13
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello again

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

==========

P2P

P2P - I see you have P2P software Azureus and LimeWire PRO 4.17.1 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here, Here and Here.


===========

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.
* Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========

Quote:
======Security center information======

AV: Bitdefender Antivirus
AV: (disabled) (outdated)
FW: Bitdefender Firewall
FW: (disabled)
Enable and update Bitdefender.

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofix.txt
Hijackthis Log
TheBruce1 is offline  
Old 11-14-2008, 10:22 AM   #14
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Howdy.

The problem I'm having now is that when I click on any of your links to download combofix it doesn't give the option to re-name it before saving it. It just downloads straight to the desktop. I disabled Bitdefender and then when I double click on combofix.exe it tries to run but nothing happens. This has been happening the last few days with other software I've tried to run as well, i.e. some programs just won't open.
KennyLegend is offline  
Old 11-14-2008, 10:26 AM   #15
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Quote:
Then when I double click on combofix.exe it tries to run but nothing happens. This has been happening the last few days with other software I've tried to run as well, i.e. some programs just won't open.
Right click on combofix and select rename- rename to Kenny, then run combofix.
TheBruce1 is offline  
Old 11-14-2008, 01:24 PM   #16
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Quote:
Originally Posted by TheBruce1 View Post
Right click on combofix and select rename- rename to Kenny, then run combofix.
Hi mate....maybe it's just me....maybe I'm worse than I thought.

I right-clicked on Combofix, re-named it and it asked me if I was sure I wanted to re-name it as changing an extension file could make it become unstable. I clicked ok and it turned into a read-only file. Aaarrrgghh.
So I put back in the ".exe" extension and tried to run it but still nothing.

This is really wrecking my head at this stage. I'm real close to wiping the whole PC.
KennyLegend is offline  
Old 11-14-2008, 01:52 PM   #17
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Quote:
I right-clicked on Combofix, re-named it and it asked me if I was sure I wanted to re-name it as changing an extension file could make it become unstable. I clicked ok and it turned into a read-only file. Aaarrrgghh.
So I put back in the ".exe" extension and tried to run it but still nothing.
Never had that happen before, let's try this:


Go Start >> Run and copy/paste the following single-line command into the Run box and click OK:

"%userprofile%\desktop\kenny.exe"

If you have used capitals when renaming, make sure to include them in the command.

If this does not work, we'll try something else.
TheBruce1 is offline  
Old 11-14-2008, 01:56 PM   #18
Guest
 
Join Date: Nov 2008
Posts: 30
OS:



Nah...same thing. The small Combofix box comes up with the scrolling bar then disappears...then nothing !!
KennyLegend is offline  
Old 11-14-2008, 02:49 PM   #19
TSF Team, Emeritus
 
Join Date: Oct 2006
Location: UK
Posts: 5,264
OS: OS



Hello again

Please download OTMoveIt3 by OldTimer.

Save it to your desktop.
Double-click on OTMoveIt3.exe

Using notepad copy the lines in the codebox below:

Quote:
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"rizozoribo"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"845f2c22"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPM876c1fbe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"STS"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,00,00

:Files
C:\WINDOWS\system32\leborivo.dll
C:\WINDOWS\system32\yekugebe.dll
C:\WINDOWS\system32\mogiwate.dll
c:\windows\system32\vomotuzi.dll
C:\WINDOWS\system32\dagitufa.dll
C:\WINDOWS\system32\jumobiva.exe
C:\WINDOWS\system32\w3a5i5uh.exe.a_a
C:\WINDOWS\system32\esumajit.ini
C:\WINDOWS\system32\asuzarot.ini
C:\WINDOWS\system32\oyozonav.ini
C:\WINDOWS\system32\izepojak.ini
C:\WINDOWS\system32\uwozedop.ini
C:\WINDOWS\system32\uzigufan.ini
C:\WINDOWS\system32\avituvut.ini
C:\WINDOWS\system32\atilideg.ini
C:\WINDOWS\system32\ayofugul.ini
C:\Documents and Settings\Ken & Caroline\Application Data\AdwareAlert
C:\WINDOWS\system32\4iSOK8ua.exe.a_a
C:\WINDOWS\system32\4iSOK8ua.exe
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\system32\SET84F.tmp
C:\WINDOWS\system32\SET84B.tmp
C:\WINDOWS\system32\SET847.tmp
C:\WINDOWS\system32\SET844.tmp
C:\WINDOWS\system32\SET83F.tmp
C:\WINDOWS\system32\SET83D.tmp
C:\WINDOWS\system32\SET83A.tmp
C:\WINDOWS\system32\SET839.tmp
C:\WINDOWS\system32\SET835.tmp
C:\WINDOWS\system32\SET834.tmp
C:\WINDOWS\system32\SET831.tmp
C:\WINDOWS\system32\SET830.tmp
C:\WINDOWS\system32\SET82F.tmp
C:\WINDOWS\system32\SET1479.tmp
C:\WINDOWS\system32\SET1478.tmp
C:\WINDOWS\system32\SET82D.tmp
C:\WINDOWS\system32\SET829.tmp
C:\WINDOWS\system32\SET827.tmp
C:\WINDOWS\system32\SET824.tmp
C:\WINDOWS\system32\SET821.tmp
C:\WINDOWS\system32\SET81C.tmp
C:\WINDOWS\system32\SET815.tmp
C:\WINDOWS\system32\SET80D.tmp
C:\WINDOWS\system32\SET80C.tmp
C:\WINDOWS\system32\SET807.tmp
C:\WINDOWS\system32\SET805.tmp
C:\WINDOWS\system32\SET802.tmp
C:\WINDOWS\system32\SET800.tmp
C:\WINDOWS\system32\SET7FF.tmp
C:\WINDOWS\system32\SET7FD.tmp
C:\WINDOWS\system32\SET7FB.tmp
C:\WINDOWS\system32\SET7FA.tmp
C:\WINDOWS\system32\SET7F9.tmp
C:\WINDOWS\system32\SET7F8.tmp
C:\WINDOWS\system32\SET7F6.tmp
C:\WINDOWS\system32\SET7F5.tmp
C:\WINDOWS\system32\SET7F4.tmp
C:\WINDOWS\system32\SET7ED.tmp
C:\WINDOWS\system32\SET7EB.tmp
C:\WINDOWS\system32\SET7E6.tmp
C:\WINDOWS\system32\SET7E3.tmp
C:\WINDOWS\system32\SET7C1.tmp
C:\WINDOWS\system32\SET7C0.tmp
C:\WINDOWS\system32\SET7AE.tmp
C:\WINDOWS\system32\SET7A8.tmp
C:\WINDOWS\system32\SET7A3.tmp
C:\WINDOWS\system32\SET79F.tmp
C:\WINDOWS\system32\SET797.tmp
C:\WINDOWS\system32\SET796.tmp
C:\WINDOWS\system32\SET795.tmp
C:\WINDOWS\system32\SET792.tmp
C:\WINDOWS\system32\SET1456.tmp
C:\WINDOWS\SET876.tmp
C:\WINDOWS\002721_.tmp
C:\WINDOWS\system32\SET77D.tmp
C:\WINDOWS\system32\SET771.tmp
C:\WINDOWS\system32\SET76F.tmp
C:\WINDOWS\system32\SET76A.tmp
C:\WINDOWS\system32\SET760.tmp
C:\WINDOWS\system32\SET75C.tmp
C:\WINDOWS\system32\SET755.tmp
C:\WINDOWS\system32\SET754.tmp
C:\WINDOWS\system32\SET753.tmp
C:\WINDOWS\system32\SET74F.tmp
C:\WINDOWS\system32\SET144F.tmp
C:\WINDOWS\system32\SET746.tmp
C:\WINDOWS\system32\SET72D.tmp
C:\WINDOWS\system32\SET727.tmp
C:\WINDOWS\system32\SET721.tmp
C:\WINDOWS\system32\SET71F.tmp
C:\WINDOWS\system32\SET71D.tmp
C:\WINDOWS\system32\SET719.tmp
C:\WINDOWS\system32\SET707.tmp
C:\WINDOWS\system32\SET703.tmp
C:\WINDOWS\system32\SET700.tmp
C:\WINDOWS\system32\SET6FD.tmp
C:\WINDOWS\system32\SET6FB.tmp
C:\WINDOWS\system32\SET6F4.tmp
C:\WINDOWS\system32\SET6EA.tmp
C:\WINDOWS\system32\SET6E5.tmp
C:\WINDOWS\system32\SET6E3.tmp
C:\WINDOWS\system32\SET6E0.tmp
C:\WINDOWS\system32\SET6D1.tmp
C:\WINDOWS\system32\SET6CB.tmp
C:\WINDOWS\system32\SET6C9.tmp
C:\WINDOWS\system32\SET6C7.tmp
C:\WINDOWS\system32\SET6C0.tmp
C:\WINDOWS\system32\SET6BD.tmp
C:\WINDOWS\system32\SET6BB.tmp
C:\WINDOWS\system32\SET6BA.tmp
C:\WINDOWS\system32\SET6B9.tmp
C:\WINDOWS\system32\SET6B6.tmp
C:\WINDOWS\system32\SET142C.tmp
C:\WINDOWS\system32\SET6A7.tmp
C:\WINDOWS\system32\SET6A3.tmp
C:\WINDOWS\system32\SET6A1.tmp
C:\WINDOWS\system32\SET69F.tmp
C:\WINDOWS\system32\SET69E.tmp
C:\WINDOWS\system32\SET69D.tmp
C:\WINDOWS\system32\SET69C.tmp
C:\WINDOWS\system32\SET69A.tmp
C:\WINDOWS\system32\SET693.tmp
C:\WINDOWS\system32\SET691.tmp
C:\WINDOWS\system32\SET68F.tmp
C:\WINDOWS\system32\SET68E.tmp
C:\WINDOWS\system32\SET685.tmp
C:\WINDOWS\system32\SET683.tmp
C:\WINDOWS\system32\SET680.tmp
C:\WINDOWS\system32\SET67F.tmp
C:\WINDOWS\system32\SET67D.tmp
C:\WINDOWS\system32\SET679.tmp
C:\WINDOWS\system32\SET676.tmp
C:\WINDOWS\system32\SET674.tmp
C:\WINDOWS\system32\SET66D.tmp
C:\WINDOWS\system32\SET669.tmp
C:\WINDOWS\system32\SET667.tmp
C:\WINDOWS\system32\SET664.tmp
C:\WINDOWS\system32\SET660.tmp
C:\WINDOWS\system32\SET65F.tmp
C:\WINDOWS\system32\SET65C.tmp
C:\WINDOWS\system32\SET65B.tmp
C:\WINDOWS\system32\SET658.tmp
C:\WINDOWS\system32\SET653.tmp
C:\WINDOWS\system32\SET650.tmp
C:\WINDOWS\system32\SET64F.tmp
C:\WINDOWS\system32\SET64E.tmp
C:\WINDOWS\system32\SET649.tmp
C:\WINDOWS\system32\SET648.tmp
C:\WINDOWS\system32\SET647.tmp
C:\WINDOWS\system32\SET641.tmp
C:\WINDOWS\system32\SET63B.tmp
C:\WINDOWS\system32\SET639.tmp
C:\WINDOWS\system32\SET637.tmp
C:\WINDOWS\system32\SET635.tmp
C:\WINDOWS\system32\SET62F.tmp
C:\WINDOWS\system32\SET62E.tmp
C:\WINDOWS\system32\SET62D.tmp
C:\WINDOWS\system32\SET62B.tmp
C:\WINDOWS\system32\SET62A.tmp
C:\WINDOWS\system32\SET629.tmp
C:\WINDOWS\system32\SET628.tmp
C:\WINDOWS\system32\SET627.tmp
C:\WINDOWS\system32\SET622.tmp
C:\WINDOWS\system32\SET620.tmp
C:\WINDOWS\system32\SET612.tmp
C:\WINDOWS\system32\SET60F.tmp
C:\WINDOWS\system32\SET60C.tmp
C:\WINDOWS\system32\SET601.tmp
C:\WINDOWS\system32\SET5FB.tmp
C:\WINDOWS\system32\SET5F9.tmp
C:\WINDOWS\system32\SET5F4.tmp
C:\WINDOWS\system32\SET5EE.tmp
C:\WINDOWS\system32\SET5EA.tmp
C:\WINDOWS\system32\SET5E3.tmp
C:\WINDOWS\system32\SET5E1.tmp
C:\WINDOWS\system32\SET5D8.tmp
C:\WINDOWS\system32\SET5CB.tmp
C:\WINDOWS\system32\SET5B8.tmp
C:\WINDOWS\system32\SET5B3.tmp
C:\WINDOWS\system32\SET5AC.tmp
C:\WINDOWS\system32\SET5A7.tmp
C:\WINDOWS\system32\SET5A5.tmp
C:\WINDOWS\system32\SET586.tmp
C:\WINDOWS\system32\SET57A.tmp
C:\WINDOWS\system32\SET575.tmp
C:\WINDOWS\system32\SET574.tmp
C:\WINDOWS\system32\SET571.tmp
C:\WINDOWS\system32\SET56F.tmp
C:\WINDOWS\system32\SET569.tmp
C:\WINDOWS\system32\SET55C.tmp
C:\WINDOWS\system32\SET55B.tmp
C:\WINDOWS\system32\SET55A.tmp
C:\WINDOWS\system32\SET552.tmp
C:\WINDOWS\system32\SET550.tmp
C:\WINDOWS\system32\SET54C.tmp
C:\WINDOWS\system32\SET54A.tmp
C:\WINDOWS\system32\SET541.tmp
C:\WINDOWS\system32\SET540.tmp
C:\WINDOWS\system32\SET53C.tmp
C:\WINDOWS\system32\SET53B.tmp
C:\WINDOWS\system32\SET53A.tmp
C:\WINDOWS\system32\SET539.tmp
C:\WINDOWS\system32\SET536.tmp
C:\WINDOWS\system32\SET530.tmp
C:\WINDOWS\system32\SET525.tmp
C:\WINDOWS\system32\SET506.tmp
C:\WINDOWS\system32\SET505.tmp
C:\WINDOWS\system32\SET503.tmp
C:\WINDOWS\system32\SET502.tmp
C:\WINDOWS\system32\SET501.tmp
C:\WINDOWS\system32\SET500.tmp
C:\WINDOWS\system32\SET4FB.tmp
C:\WINDOWS\system32\SET4F7.tmp
C:\WINDOWS\system32\SET4F6.tmp
C:\WINDOWS\system32\SET4E1.tmp
C:\WINDOWS\system32\SET4DB.tmp
C:\WINDOWS\system32\SET4D5.tmp
C:\WINDOWS\system32\SET4D1.tmp
C:\WINDOWS\system32\SET1405.tmp
C:\WINDOWS\system32\SET4C8.tmp
C:\WINDOWS\system32\SET4C6.tmp
C:\WINDOWS\system32\SET4BF.tmp
C:\WINDOWS\system32\SET4BB.tmp
C:\WINDOWS\system32\SET4B9.tmp
C:\WINDOWS\system32\SET4AC.tmp
C:\WINDOWS\system32\SET49D.tmp
C:\WINDOWS\system32\SET49C.tmp
C:\WINDOWS\system32\SET49B.tmp
C:\WINDOWS\system32\SET49A.tmp
C:\WINDOWS\system32\SET497.tmp
C:\WINDOWS\system32\SET48A.tmp
C:\WINDOWS\system32\SET487.tmp
C:\WINDOWS\system32\SET485.tmp
C:\WINDOWS\system32\SET481.tmp
C:\WINDOWS\system32\SET47E.tmp
C:\WINDOWS\system32\SET462.tmp
C:\WINDOWS\system32\SET45F.tmp
C:\WINDOWS\system32\SET45D.tmp
C:\WINDOWS\system32\SET452.tmp
C:\WINDOWS\system32\SET451.tmp
C:\WINDOWS\system32\SET450.tmp
C:\WINDOWS\system32\SET13FE.tmp
C:\WINDOWS\system32\SET436.tmp
C:\WINDOWS\system32\SET434.tmp
C:\WINDOWS\system32\SET433.tmp
C:\WINDOWS\system32\SET42D.tmp
C:\WINDOWS\system32\SET42C.tmp
C:\WINDOWS\system32\SET42B.tmp
C:\WINDOWS\system32\SET42A.tmp
C:\WINDOWS\system32\SET426.tmp
C:\WINDOWS\system32\SET424.tmp
C:\WINDOWS\system32\SET423.tmp
C:\WINDOWS\system32\SET421.tmp
C:\WINDOWS\system32\SET13FA.tmp
C:\WINDOWS\system32\SET40A.tmp
C:\WINDOWS\system32\SET407.tmp
C:\WINDOWS\system32\SET404.tmp
C:\WINDOWS\system32\SET3FB.tmp
C:\WINDOWS\system32\SET3F9.tmp
C:\WINDOWS\system32\SET3F5.tmp
C:\WINDOWS\system32\SET13F5.tmp
C:\WINDOWS\system32\SET13F2.tmp
C:\WINDOWS\system32\SET3F2.tmp
C:\WINDOWS\system32\SET3F1.tmp
C:\WINDOWS\system32\_003275_.tmp.dll
C:\WINDOWS\system32\_003274_.tmp.dll
C:\WINDOWS\system32\_003272_.tmp.dll
C:\WINDOWS\system32\_003267_.tmp.dll
C:\WINDOWS\system32\_003266_.tmp.dll
C:\WINDOWS\system32\_003265_.tmp.dll
C:\WINDOWS\system32\_003264_.tmp.dll
C:\WINDOWS\system32\_003263_.tmp.dll
C:\WINDOWS\system32\_003260_.tmp.dll
C:\WINDOWS\system32\_003259_.tmp.dll
C:\WINDOWS\system32\_003258_.tmp.dll
C:\WINDOWS\system32\_003257_.tmp.dll
C:\WINDOWS\system32\_003255_.tmp.dll
C:\WINDOWS\system32\_003252_.tmp.dll
C:\WINDOWS\system32\_003250_.tmp.dll
C:\WINDOWS\system32\_003249_.tmp.dll
C:\WINDOWS\system32\_003245_.tmp.dll
C:\WINDOWS\system32\_003244_.tmp.dll
C:\WINDOWS\system32\_003243_.tmp.dll
C:\WINDOWS\system32\_003240_.tmp.dll
C:\WINDOWS\system32\_003237_.tmp.dll
C:\WINDOWS\system32\_003236_.tmp.dll
C:\WINDOWS\system32\_003235_.tmp.dll
C:\WINDOWS\system32\_003228_.tmp.dll
C:\WINDOWS\system32\_003223_.tmp.dll
C:\WINDOWS\system32\_003218_.tmp.dll
C:\WINDOWS\system32\_003215_.tmp.dll
C:\WINDOWS\system32\_003213_.tmp.dll
C:\WINDOWS\system32\_003209_.tmp.dll
C:\WINDOWS\system32\_003207_.tmp.dll
C:\WINDOWS\system32\_003173_.tmp.dll
C:\WINDOWS\system32\_003172_.tmp.dll
C:\WINDOWS\system32\_003171_.tmp.dll
C:\WINDOWS\system32\_003165_.tmp.dll

:commands
[emptytemp]
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste into notepad. Save as OTMoveIt3.txt to your desktop.

Post the contents in your next reply.

Close OTMoveIt3

If OTMoveIt3 asks you to reboot, please do so after saving the OTMoveIt3.txt.

=========

Download Malwarebytes' Anti-Malware from Here or Here. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by OTMoveIt3 and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


========

Run RSIT again.

=========
Logs Required
OTMoveIt3.txt
MBAM.txt
log.txt
TheBruce1 is offline  
Old 11-14-2008, 04:35 PM   #20

Ok Bruce....a strange thing just happened.

I ran that moveit program as you said and the results came up on the RHS stating..."....job moved successfully" for everything that was in the log.
However, when I went to copy the results, the program disappeared off the screen and shut down !!! I ran it again and of course, there was nothing to move now.

I managed to get a log of the second run...even though it's probably no good to you here it is.

========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\WINDOWS\system32\blank.htm" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rizozoribo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\845f2c22 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM876c1fbe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\STS not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"notification packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\leborivo.dll not found.
File/Folder C:\WINDOWS\system32\yekugebe.dll not found.
File/Folder C:\WINDOWS\system32\mogiwate.dll not found.
File/Folder c:\windows\system32\vomotuzi.dll not found.
File/Folder C:\WINDOWS\system32\dagitufa.dll not found.
File/Folder C:\WINDOWS\system32\jumobiva.exe not found.
File/Folder C:\WINDOWS\system32\w3a5i5uh.exe.a_a not found.
File/Folder C:\WINDOWS\system32\esumajit.ini not found.
File/Folder C:\WINDOWS\system32\asuzarot.ini not found.
File/Folder C:\WINDOWS\system32\oyozonav.ini not found.
File/Folder C:\WINDOWS\system32\izepojak.ini not found.
File/Folder C:\WINDOWS\system32\uwozedop.ini not found.
File/Folder C:\WINDOWS\system32\uzigufan.ini not found.
File/Folder C:\WINDOWS\system32\avituvut.ini not found.
File/Folder C:\WINDOWS\system32\atilideg.ini not found.
File/Folder C:\WINDOWS\system32\ayofugul.ini not found.
File/Folder C:\Documents and Settings\Ken & Caroline\Application Data\AdwareAlert not found.
File/Folder C:\WINDOWS\system32\4iSOK8ua.exe.a_a not found.
File/Folder C:\WINDOWS\system32\4iSOK8ua.exe not found.
File/Folder C:\WINDOWS\tasks\At1.job not found.
File/Folder C:\WINDOWS\tasks\At10.job not found.
File/Folder C:\WINDOWS\tasks\At11.job not found.
File/Folder C:\WINDOWS\tasks\At12.job not found.
File/Folder C:\WINDOWS\tasks\At13.job not found.
File/Folder C:\WINDOWS\tasks\At14.job not found.
File/Folder C:\WINDOWS\tasks\At15.job not found.
File/Folder C:\WINDOWS\tasks\At16.job not found.
File/Folder C:\WINDOWS\tasks\At17.job not found.
File/Folder C:\WINDOWS\tasks\At18.job not found.
File/Folder C:\WINDOWS\tasks\At19.job not found.
File/Folder C:\WINDOWS\tasks\At2.job not found.
File/Folder C:\WINDOWS\tasks\At20.job not found.
File/Folder C:\WINDOWS\tasks\At21.job not found.
File/Folder C:\WINDOWS\tasks\At22.job not found.
File/Folder C:\WINDOWS\tasks\At23.job not found.
File/Folder C:\WINDOWS\tasks\At24.job not found.
File/Folder C:\WINDOWS\tasks\At25.job not found.
File/Folder C:\WINDOWS\tasks\At26.job not found.
File/Folder C:\WINDOWS\tasks\At27.job not found.
File/Folder C:\WINDOWS\tasks\At28.job not found.
File/Folder C:\WINDOWS\tasks\At29.job not found.
File/Folder C:\WINDOWS\tasks\At3.job not found.
File/Folder C:\WINDOWS\tasks\At30.job not found.
File/Folder C:\WINDOWS\tasks\At31.job not found.
File/Folder C:\WINDOWS\tasks\At32.job not found.
File/Folder C:\WINDOWS\tasks\At33.job not found.
File/Folder C:\WINDOWS\tasks\At34.job not found.
File/Folder C:\WINDOWS\tasks\At35.job not found.
File/Folder C:\WINDOWS\tasks\At36.job not found.
File/Folder C:\WINDOWS\tasks\At37.job not found.
File/Folder C:\WINDOWS\tasks\At38.job not found.
File/Folder C:\WINDOWS\tasks\At39.job not found.
File/Folder C:\WINDOWS\tasks\At4.job not found.
File/Folder C:\WINDOWS\tasks\At40.job not found.
File/Folder C:\WINDOWS\tasks\At41.job not found.
File/Folder C:\WINDOWS\tasks\At42.job not found.
File/Folder C:\WINDOWS\tasks\At43.job not found.
File/Folder C:\WINDOWS\tasks\At44.job not found.
File/Folder C:\WINDOWS\tasks\At45.job not found.
File/Folder C:\WINDOWS\tasks\At46.job not found.
File/Folder C:\WINDOWS\tasks\At47.job not found.
File/Folder C:\WINDOWS\tasks\At48.job not found.
File/Folder C:\WINDOWS\tasks\At5.job not found.
File/Folder C:\WINDOWS\tasks\At6.job not found.
File/Folder C:\WINDOWS\tasks\At7.job not found.
File/Folder C:\WINDOWS\tasks\At8.job not found.
File/Folder C:\WINDOWS\tasks\At9.job not found.
File/Folder C:\WINDOWS\system32\SET84F.tmp not found.
File/Folder C:\WINDOWS\system32\SET84B.tmp not found.
File/Folder C:\WINDOWS\system32\SET847.tmp not found.
File/Folder C:\WINDOWS\system32\SET844.tmp not found.
File/Folder C:\WINDOWS\system32\SET83F.tmp not found.
File/Folder C:\WINDOWS\system32\SET83D.tmp not found.
File/Folder C:\WINDOWS\system32\SET83A.tmp not found.
File/Folder C:\WINDOWS\system32\SET839.tmp not found.
File/Folder C:\WINDOWS\system32\SET835.tmp not found.
File/Folder C:\WINDOWS\system32\SET834.tmp not found.
File/Folder C:\WINDOWS\system32\SET831.tmp not found.
File/Folder C:\WINDOWS\system32\SET830.tmp not found.
File/Folder C:\WINDOWS\system32\SET82F.tmp not found.
File/Folder C:\WINDOWS\system32\SET1479.tmp not found.
File/Folder C:\WINDOWS\system32\SET1478.tmp not found.
File/Folder C:\WINDOWS\system32\SET82D.tmp not found.
File/Folder C:\WINDOWS\system32\SET829.tmp not found.
File/Folder C:\WINDOWS\system32\SET827.tmp not found.
File/Folder C:\WINDOWS\system32\SET824.tmp not found.
File/Folder C:\WINDOWS\system32\SET821.tmp not found.
File/Folder C:\WINDOWS\system32\SET81C.tmp not found.
File/Folder C:\WINDOWS\system32\SET815.tmp not found.
File/Folder C:\WINDOWS\system32\SET80D.tmp not found.
File/Folder C:\WINDOWS\system32\SET80C.tmp not found.
File/Folder C:\WINDOWS\system32\SET807.tmp not found.
File/Folder C:\WINDOWS\system32\SET805.tmp not found.
File/Folder C:\WINDOWS\system32\SET802.tmp not found.
File/Folder C:\WINDOWS\system32\SET800.tmp not found.
File/Folder C:\WINDOWS\system32\SET7FF.tmp not found.
File/Folder C:\WINDOWS\system32\SET7FD.tmp not found.
File/Folder C:\WINDOWS\system32\SET7FB.tmp not found.
File/Folder C:\WINDOWS\system32\SET7FA.tmp not found.
File/Folder C:\WINDOWS\system32\SET7F9.tmp not found.
File/Folder C:\WINDOWS\system32\SET7F8.tmp not found.
File/Folder C:\WINDOWS\system32\SET7F6.tmp not found.
File/Folder C:\WINDOWS\system32\SET7F5.tmp not found.
File/Folder C:\WINDOWS\system32\SET7F4.tmp not found.
File/Folder C:\WINDOWS\system32\SET7ED.tmp not found.
File/Folder C:\WINDOWS\system32\SET7EB.tmp not found.
File/Folder C:\WINDOWS\system32\SET7E6.tmp not found.
File/Folder C:\WINDOWS\system32\SET7E3.tmp not found.
File/Folder C:\WINDOWS\system32\SET7C1.tmp not found.
File/Folder C:\WINDOWS\system32\SET7C0.tmp not found.
File/Folder C:\WINDOWS\system32\SET7AE.tmp not found.
File/Folder C:\WINDOWS\system32\SET7A8.tmp not found.
File/Folder C:\WINDOWS\system32\SET7A3.tmp not found.
File/Folder C:\WINDOWS\system32\SET79F.tmp not found.
File/Folder C:\WINDOWS\system32\SET797.tmp not found.
File/Folder C:\WINDOWS\system32\SET796.tmp not found.
File/Folder C:\WINDOWS\system32\SET795.tmp not found.
File/Folder C:\WINDOWS\system32\SET792.tmp not found.
File/Folder C:\WINDOWS\system32\SET1456.tmp not found.
File/Folder C:\WINDOWS\SET876.tmp not found.
File/Folder C:\WINDOWS\002721_.tmp not found.
File/Folder C:\WINDOWS\system32\SET77D.tmp not found.
File/Folder C:\WINDOWS\system32\SET771.tmp not found.
File/Folder C:\WINDOWS\system32\SET76F.tmp not found.
File/Folder C:\WINDOWS\system32\SET76A.tmp not found.
File/Folder C:\WINDOWS\system32\SET760.tmp not found.
File/Folder C:\WINDOWS\system32\SET75C.tmp not found.
File/Folder C:\WINDOWS\system32\SET755.tmp not found.
File/Folder C:\WINDOWS\system32\SET754.tmp not found.
File/Folder C:\WINDOWS\system32\SET753.tmp not found.
File/Folder C:\WINDOWS\system32\SET74F.tmp not found.
File/Folder C:\WINDOWS\system32\SET144F.tmp not found.
File/Folder C:\WINDOWS\system32\SET746.tmp not found.
File/Folder C:\WINDOWS\system32\SET72D.tmp not found.
File/Folder C:\WINDOWS\system32\SET727.tmp not found.
File/Folder C:\WINDOWS\system32\SET721.tmp not found.
File/Folder C:\WINDOWS\system32\SET71F.tmp not found.
File/Folder C:\WINDOWS\system32\SET71D.tmp not found.
File/Folder C:\WINDOWS\system32\SET719.tmp not found.
File/Folder C:\WINDOWS\system32\SET707.tmp not found.
File/Folder C:\WINDOWS\system32\SET703.tmp not found.
File/Folder C:\WINDOWS\system32\SET700.tmp not found.
File/Folder C:\WINDOWS\system32\SET6FD.tmp not found.
File/Folder C:\WINDOWS\system32\SET6FB.tmp not found.
File/Folder C:\WINDOWS\system32\SET6F4.tmp not found.
File/Folder C:\WINDOWS\system32\SET6EA.tmp not found.
File/Folder C:\WINDOWS\system32\SET6E5.tmp not found.
File/Folder C:\WINDOWS\system32\SET6E3.tmp not found.
File/Folder C:\WINDOWS\system32\SET6E0.tmp not found.
File/Folder C:\WINDOWS\system32\SET6D1.tmp not found.
File/Folder C:\WINDOWS\system32\SET6CB.tmp not found.
File/Folder C:\WINDOWS\system32\SET6C9.tmp not found.
File/Folder C:\WINDOWS\system32\SET6C7.tmp not found.
File/Folder C:\WINDOWS\system32\SET6C0.tmp not found.
File/Folder C:\WINDOWS\system32\SET6BD.tmp not found.
File/Folder C:\WINDOWS\system32\SET6BB.tmp not found.
File/Folder C:\WINDOWS\system32\SET6BA.tmp not found.
File/Folder C:\WINDOWS\system32\SET6B9.tmp not found.
File/Folder C:\WINDOWS\system32\SET6B6.tmp not found.
File/Folder C:\WINDOWS\system32\SET142C.tmp not found.
File/Folder C:\WINDOWS\system32\SET6A7.tmp not found.
File/Folder C:\WINDOWS\system32\SET6A3.tmp not found.
File/Folder C:\WINDOWS\system32\SET6A1.tmp not found.
File/Folder C:\WINDOWS\system32\SET69F.tmp not found.
File/Folder C:\WINDOWS\system32\SET69E.tmp not found.
File/Folder C:\WINDOWS\system32\SET69D.tmp not found.
File/Folder C:\WINDOWS\system32\SET69C.tmp not found.
File/Folder C:\WINDOWS\system32\SET69A.tmp not found.
File/Folder C:\WINDOWS\system32\SET693.tmp not found.
File/Folder C:\WINDOWS\system32\SET691.tmp not found.
File/Folder C:\WINDOWS\system32\SET68F.tmp not found.
File/Folder C:\WINDOWS\system32\SET68E.tmp not found.
File/Folder C:\WINDOWS\system32\SET685.tmp not found.
File/Folder C:\WINDOWS\system32\SET683.tmp not found.
File/Folder C:\WINDOWS\system32\SET680.tmp not found.
File/Folder C:\WINDOWS\system32\SET67F.tmp not found.
File/Folder C:\WINDOWS\system32\SET67D.tmp not found.
File/Folder C:\WINDOWS\system32\SET679.tmp not found.
File/Folder C:\WINDOWS\system32\SET676.tmp not found.
File/Folder C:\WINDOWS\system32\SET674.tmp not found.
File/Folder C:\WINDOWS\system32\SET66D.tmp not found.
File/Folder C:\WINDOWS\system32\SET669.tmp not found.
File/Folder C:\WINDOWS\system32\SET667.tmp not found.
File/Folder C:\WINDOWS\system32\SET664.tmp not found.
File/Folder C:\WINDOWS\system32\SET660.tmp not found.
File/Folder C:\WINDOWS\system32\SET65F.tmp not found.
File/Folder C:\WINDOWS\system32\SET65C.tmp not found.
File/Folder C:\WINDOWS\system32\SET65B.tmp not found.
File/Folder C:\WINDOWS\system32\SET658.tmp not found.
File/Folder C:\WINDOWS\system32\SET653.tmp not found.
File/Folder C:\WINDOWS\system32\SET650.tmp not found.
File/Folder C:\WINDOWS\system32\SET64F.tmp not found.
File/Folder C:\WINDOWS\system32\SET64E.tmp not found.
File/Folder C:\WINDOWS\system32\SET649.tmp not found.
File/Folder C:\WINDOWS\system32\SET648.tmp not found.
File/Folder C:\WINDOWS\system32\SET647.tmp not found.
File/Folder C:\WINDOWS\system32\SET641.tmp not found.
File/Folder C:\WINDOWS\system32\SET63B.tmp not found.
File/Folder C:\WINDOWS\system32\SET639.tmp not found.
File/Folder C:\WINDOWS\system32\SET637.tmp not found.
File/Folder C:\WINDOWS\system32\SET635.tmp not found.
File/Folder C:\WINDOWS\system32\SET62F.tmp not found.
File/Folder C:\WINDOWS\system32\SET62E.tmp not found.
File/Folder C:\WINDOWS\system32\SET62D.tmp not found.
File/Folder C:\WINDOWS\system32\SET62B.tmp not found.
File/Folder C:\WINDOWS\system32\SET62A.tmp not found.
File/Folder C:\WINDOWS\system32\SET629.tmp not found.
File/Folder C:\WINDOWS\system32\SET628.tmp not found.
File/Folder C:\WINDOWS\system32\SET627.tmp not found.
File/Folder C:\WINDOWS\system32\SET622.tmp not found.
File/Folder C:\WINDOWS\system32\SET620.tmp not found.
File/Folder C:\WINDOWS\system32\SET612.tmp not found.
File/Folder C:\WINDOWS\system32\SET60F.tmp not found.
File/Folder C:\WINDOWS\system32\SET60C.tmp not found.
File/Folder C:\WINDOWS\system32\SET601.tmp not found.
File/Folder C:\WINDOWS\system32\SET5FB.tmp not found.
File/Folder C:\WINDOWS\system32\SET5F9.tmp not found.
File/Folder C:\WINDOWS\system32\SET5F4.tmp not found.
File/Folder C:\WINDOWS\system32\SET5EE.tmp not found.
File/Folder C:\WINDOWS\system32\SET5EA.tmp not found.
File/Folder C:\WINDOWS\system32\SET5E3.tmp not found.
File/Folder C:\WINDOWS\system32\SET5E1.tmp not found.
File/Folder C:\WINDOWS\system32\SET5D8.tmp not found.
File/Folder C:\WINDOWS\system32\SET5CB.tmp not found.
File/Folder C:\WINDOWS\system32\SET5B8.tmp not found.
File/Folder C:\WINDOWS\system32\SET5B3.tmp not found.
File/Folder C:\WINDOWS\system32\SET5AC.tmp not found.
File/Folder C:\WINDOWS\system32\SET5A7.tmp not found.
File/Folder C:\WINDOWS\system32\SET5A5.tmp not found.
File/Folder C:\WINDOWS\system32\SET586.tmp not found.
File/Folder C:\WINDOWS\system32\SET57A.tmp not found.
File/Folder C:\WINDOWS\system32\SET575.tmp not found.
File/Folder C:\WINDOWS\system32\SET574.tmp not found.
File/Folder C:\WINDOWS\system32\SET571.tmp not found.
File/Folder C:\WINDOWS\system32\SET56F.tmp not found.
File/Folder C:\WINDOWS\system32\SET569.tmp not found.
File/Folder C:\WINDOWS\system32\SET55C.tmp not found.
File/Folder C:\WINDOWS\system32\SET55B.tmp not found.
File/Folder C:\WINDOWS\system32\SET55A.tmp not found.
File/Folder C:\WINDOWS\system32\SET552.tmp not found.
File/Folder C:\WINDOWS\system32\SET550.tmp not found.
File/Folder C:\WINDOWS\system32\SET54C.tmp not found.
File/Folder C:\WINDOWS\system32\SET54A.tmp not found.
File/Folder C:\WINDOWS\system32\SET541.tmp not found.
File/Folder C:\WINDOWS\system32\SET540.tmp not found.
File/Folder C:\WINDOWS\system32\SET53C.tmp not found.
File/Folder C:\WINDOWS\system32\SET53B.tmp not found.
File/Folder C:\WINDOWS\system32\SET53A.tmp not found.
File/Folder C:\WINDOWS\system32\SET539.tmp not found.
File/Folder C:\WINDOWS\system32\SET536.tmp not found.
File/Folder C:\WINDOWS\system32\SET530.tmp not found.
File/Folder C:\WINDOWS\system32\SET525.tmp not found.
File/Folder C:\WINDOWS\system32\SET506.tmp not found.
File/Folder C:\WINDOWS\system32\SET505.tmp not found.
File/Folder C:\WINDOWS\system32\SET503.tmp not found.
File/Folder C:\WINDOWS\system32\SET502.tmp not found.
File/Folder C:\WINDOWS\system32\SET501.tmp not found.
File/Folder C:\WINDOWS\system32\SET500.tmp not found.
File/Folder C:\WINDOWS\system32\SET4FB.tmp not found.
File/Folder C:\WINDOWS\system32\SET4F7.tmp not found.
File/Folder C:\WINDOWS\system32\SET4F6.tmp not found.
File/Folder C:\WINDOWS\system32\SET4E1.tmp not found.
File/Folder C:\WINDOWS\system32\SET4DB.tmp not found.
File/Folder C:\WINDOWS\system32\SET4D5.tmp not found.
File/Folder C:\WINDOWS\system32\SET4D1.tmp not found.
File/Folder C:\WINDOWS\system32\SET1405.tmp not found.
File/Folder C:\WINDOWS\system32\SET4C8.tmp not found.
File/Folder C:\WINDOWS\system32\SET4C6.tmp not found.
File/Folder C:\WINDOWS\system32\SET4BF.tmp not found.
File/Folder C:\WINDOWS\system32\SET4BB.tmp not found.
File/Folder C:\WINDOWS\system32\SET4B9.tmp not found.
File/Folder C:\WINDOWS\system32\SET4AC.tmp not found.
File/Folder C:\WINDOWS\system32\SET49D.tmp not found.
File/Folder C:\WINDOWS\system32\SET49C.tmp not found.
File/Folder C:\WINDOWS\system32\SET49B.tmp not found.
File/Folder C:\WINDOWS\system32\SET49A.tmp not found.
File/Folder C:\WINDOWS\system32\SET497.tmp not found.
File/Folder C:\WINDOWS\system32\SET48A.tmp not found.
File/Folder C:\WINDOWS\system32\SET487.tmp not found.
File/Folder C:\WINDOWS\system32\SET485.tmp not found.
File/Folder C:\WINDOWS\system32\SET481.tmp not found.
File/Folder C:\WINDOWS\system32\SET47E.tmp not found.
File/Folder C:\WINDOWS\system32\SET462.tmp not found.
File/Folder C:\WINDOWS\system32\SET45F.tmp not found.
File/Folder C:\WINDOWS\system32\SET45D.tmp not found.
File/Folder C:\WINDOWS\system32\SET452.tmp not found.
File/Folder C:\WINDOWS\system32\SET451.tmp not found.
File/Folder C:\WINDOWS\system32\SET450.tmp not found.
File/Folder C:\WINDOWS\system32\SET13FE.tmp not found.
File/Folder C:\WINDOWS\system32\SET436.tmp not found.
File/Folder C:\WINDOWS\system32\SET434.tmp not found.
File/Folder C:\WINDOWS\system32\SET433.tmp not found.
File/Folder C:\WINDOWS\system32\SET42D.tmp not found.
File/Folder C:\WINDOWS\system32\SET42C.tmp not found.
File/Folder C:\WINDOWS\system32\SET42B.tmp not found.
File/Folder C:\WINDOWS\system32\SET42A.tmp not found.
File/Folder C:\WINDOWS\system32\SET426.tmp not found.
File/Folder C:\WINDOWS\system32\SET424.tmp not found.
File/Folder C:\WINDOWS\system32\SET423.tmp not found.
File/Folder C:\WINDOWS\system32\SET421.tmp not found.
File/Folder C:\WINDOWS\system32\SET13FA.tmp not found.
File/Folder C:\WINDOWS\system32\SET40A.tmp not found.
File/Folder C:\WINDOWS\system32\SET407.tmp not found.
File/Folder C:\WINDOWS\system32\SET404.tmp not found.
File/Folder C:\WINDOWS\system32\SET3FB.tmp not found.
File/Folder C:\WINDOWS\system32\SET3F9.tmp not found.
File/Folder C:\WINDOWS\system32\SET3F5.tmp not found.
File/Folder C:\WINDOWS\system32\SET13F5.tmp not found.
File/Folder C:\WINDOWS\system32\SET13F2.tmp not found.
File/Folder C:\WINDOWS\system32\SET3F2.tmp not found.
File/Folder C:\WINDOWS\system32\SET3F1.tmp not found.
File/Folder C:\WINDOWS\system32\_003275_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003274_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003272_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003267_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003266_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003265_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003264_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003263_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003260_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003259_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003258_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003257_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003255_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003252_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003250_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003249_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003245_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003244_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003243_.tmp.dll not found.
File/Folder 2C:\WINDOWS\system32\_003240_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003237_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003236_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003235_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003228_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003223_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003218_.tmp.dll not found.
File/Folder C:\WINDOWS\system32\_003215_.tmp.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003213_.tmp.dll
C:\WINDOWS\system32\_003213_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003213_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003209_.tmp.dll
C:\WINDOWS\system32\_003209_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003209_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003207_.tmp.dll
C:\WINDOWS\system32\_003207_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003207_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003173_.tmp.dll
C:\WINDOWS\system32\_003173_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003173_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003172_.tmp.dll
C:\WINDOWS\system32\_003172_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003172_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003171_.tmp.dll
C:\WINDOWS\system32\_003171_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003171_.tmp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_003165_.tmp.dll
C:\WINDOWS\system32\_003165_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_003165_.tmp.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KEN&CA~1\LOCALS~1\Temp\etilqs_8BNFXfc4ggrRBaVIivoo scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ken & Caroline\Local Settings\Application Data\Mozilla\Firefox\Profiles\rxzako8c.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_003016
KennyLegend is offline  
 
